yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
21734 commits 89 branches 205 tags 114 MiB
Commit graph

2262 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard 67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Neil Armstrong 94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Gilles Peskine 72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Przemek Stekiel cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel 14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel 19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel fc72e428ed ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Ronald Cron 38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard 21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 
RSA sign 3b: TLS 1.2 integration testing
 2022-04-22 10:05:43 +02:00
Gilles Peskine afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
XiaokangQian 318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
Paul Elliott a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Glenn Strauss e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss 60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Neil Armstrong f0b1271a42 Support RSA Opaque PK keys in ssl_server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Thomas Daubney 88fed8e700 Rewrite ecdh_curve25519 program 
Rewrite the example ECDH x25519 program using the
high-level ECDH API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-04-12 14:37:16 +01:00
Dave Rodgman ed35887fc8
Merge pull request #2104 from hanno-arm/iotssl-2071 
Check that integer types don't use padding bits in selftest
 2022-04-11 17:26:08 +01:00
Dave Rodgman 8f5a29ae40 Improve fix for printf specifier 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-11 12:59:45 +01:00
Dave Rodgman eaba723139 Fix printf specifier 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-11 10:07:38 +01:00
Dave Rodgman e2e7e9400b Fail for types not of size 2, 4 or 8 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:30 +01:00
Hanno Becker baae59cd49 Improve documentation of absence-of-padding check 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:29 +01:00
Hanno Becker 0d7dd3cd43 Check that size_t and ptrdiff_t don't have padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:26 +01:00
Hanno Becker 4ab3850605 Check that integer types don't use padding bits in selftest 
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:45:05 +01:00
Gilles Peskine e756f642cd Seed the PRNG even if time() isn't available 
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 04:46:41 -04:00
Gilles Peskine 99a732bf0c Fix off-by-one in buffer_size usage 
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:34:36 +02:00
Gilles Peskine 8bb96d96cd Fix buffer size calculation 
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:31:05 +02:00
Dave Rodgman 017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Jerry Yu 79c004148d Add PSA && TLS1_3 check_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Dave Rodgman 2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard 10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Andrzej Kurek 541318ad70 Refactor ssl_context_info time printing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 06a00afeec Fix requirement mismatch in fuzz/common.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann 4e0cc40d0f programs/fuzz: Use build_info.h in common.h 
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann 5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME 
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
Raoul Strackx 9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Daniel Axtens f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Przemek Stekiel 3f076dfb6d Fix comments for conditional compilation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-04 09:36:46 +01:00
Glenn Strauss 48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c 
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Gilles Peskine fd222da2e9 Fix the build when MBEDTLS_PLATFORM_C is unset 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 15:26:40 +01:00
Manuel Pégourié-Gonnard 6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx 
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
 2022-02-16 09:55:01 +01:00
Paul Elliott 5d7e61fb61 Fix uninitialised return value. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref 
Ensure ctr_drbg is initialised every time in fuzz_server
 2022-02-15 10:31:03 +01:00
Paul Elliott a1dc3e5a60 Add safety to dummy_random in case of NULL context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel 169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
Paul Elliott bb0168144e Ensure valid context is used in fuzz_dtlsserver 
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-14 15:57:11 +00:00
Paul Elliott 51a7679a8e Ensure context is passed in to dummy_rand 
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-11 19:10:14 +00:00
Paul Elliott 00738bf65e Ensure ctr_drbg is initialised every time 
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-10 18:38:53 +00:00
Glenn Strauss a941b62985 Create public macros for ssl_ticket key,name sizes 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 15:28:28 -05:00
Glenn Strauss e328245618 Add test case use of mbedtls_ssl_ticket_rotate 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard 9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa 
PSA: example programs for HMAC and AEAD vs legacy
 2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard ae1bae8412 Give a magic constant a name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:36:28 +01:00
Manuel Pégourié-Gonnard c82504e22c Clean up output from cipher_aead_demo 
Used to print "cipher:" when it was the cipher part of a program that
had both cipher and PSA. Now it doesn't really make sense. Align the
output to match the PSA version of this program.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:31:36 +01:00
Manuel Pégourié-Gonnard 5e6c884315 Improve info() function in cipher_aead_demo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:29:59 +01:00
Manuel Pégourié-Gonnard 64754e1b8d Wrap long lines 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:21:14 +01:00
Manuel Pégourié-Gonnard 340808ca67 Add comments on error codes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:15:26 +01:00
Manuel Pégourié-Gonnard 48bae0295c Avoid hardcoding a size 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:14:58 +01:00
Manuel Pégourié-Gonnard cf99beb8fe Improve naming consistency 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:54:26 +01:00
Manuel Pégourié-Gonnard 6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard 1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Manuel Pégourié-Gonnard f6ea19c66c Work around bug in PSA_MAC_LENGTH() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 13:08:21 +01:00
Manuel Pégourié-Gonnard 12ec5719e7 Fix bug in md_hmac_demo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:47:46 +01:00
Manuel Pégourié-Gonnard 29088a4146 Avoid duplicate program names 
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:38:26 +01:00
Manuel Pégourié-Gonnard 6fdc9e8df1 Move aead_non_psa out of the psa/ directory 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:29:13 +01:00
Gilles Peskine cc50f1be43 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-31 22:53:30 +01:00
Manuel Pégourié-Gonnard 69bb3f5332 Move hmac_non_psa out of psa/ directory 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 13:09:47 +01:00
Manuel Pégourié-Gonnard 248b385f1b Add comments to AEAD (non-PSA) examples 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 12:56:39 +01:00
Manuel Pégourié-Gonnard 6349794648 Demonstrate better practices in HMAC examples 
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 12:30:02 +01:00
Manuel Pégourié-Gonnard f392a02c50 Add comments to the HMAC (non-)PSA examples 
Also clean up / align the structure on existing examples.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 12:06:07 +01:00
Manuel Pégourié-Gonnard fd1d13c8bd Avoid requiring too much C99 support 
MSVC 2013, still supported and used in our CI, did not support that.

   aead_psa.c(78): error C2099: initializer is not a constant
   aead_psa.c(168): error C2057: expected constant expression
   aead_psa.c(168): error C2466: cannot allocate an array of constant size 0
   aead_psa.c(168): error C2133: 'out' : unknown size
   aead_psa.c(169): warning C4034: sizeof returns 0

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 12:52:35 +01:00
Manuel Pégourié-Gonnard 7d5ef1731b Split aead_cipher_psa 
Same as previous commit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 12:49:37 +01:00
Manuel Pégourié-Gonnard edf6e83cbc Split hmac_md_psa.c 
Having two programs might make comparison easier, and will make it
easier to people to use just the PSA one as an example.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:36:39 +01:00
Manuel Pégourié-Gonnard 1a45c713f0 Fix cleanup code 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:22:28 +01:00
Manuel Pégourié-Gonnard 3aae30c224 Use PSA macros for buffer sizes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard beef9c231c Use better names for dummy data 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard 428a97ed47 Improve option names 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 11:36:03 +01:00
Manuel Pégourié-Gonnard 0e725c33d4 Improve introductory comments. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 11:35:05 +01:00
Gilles Peskine 05bf89da34 Clarify key types message from ssl_client2 and ssl_server2 
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:50:25 +01:00
Jerry Yu 11f0a9c2c4 fix deprecated-declarations error 
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets 
TLS Cipher 1a: extend testing of tickets
 2022-01-24 10:25:29 +01:00
Glenn Strauss 6eef56392a Add tests for accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-23 08:37:02 -05:00
Andrzej Kurek 7a58d5283b Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:02 -05:00
Manuel Pégourié-Gonnard aab5258b7a Avoid using %zu, not supported everywhere yet. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-19 10:28:32 +01:00
Manuel Pégourié-Gonnard 24e82ded79 Fix type of temporary variable 
Both functions use int. Using size_t results is a warning from MSVC.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:29:41 +01:00
Manuel Pégourié-Gonnard 763641a3f5 Rm use of non-standard __func__ in example programs 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:58:54 +01:00
Manuel Pégourié-Gonnard 9efbf53f0e Declare incompatibility in new programs 
Existing example programs in this directory are already incompatible
with that option, so this is probably acceptable here too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:57:44 +01:00
Manuel Pégourié-Gonnard ecffd96910 Silence compiler warning in example program 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 13:23:54 +01:00
Manuel Pégourié-Gonnard 398d45985b Add example program psa/aead_cipher_psa 
This is meant to highlight similarities and differences in the APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 12:48:13 +01:00
Gabor Mezei d4bea1efd5
Add ticket_aead option for ssl_server2 
The ticket_aead option allows to specify the session ticket protection.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:21:15 +01:00
Manuel Pégourié-Gonnard 667b556dbc Add example program psa/hmac_md_psa 
This is meant to highlight similarities and differences in the
multi-part HMAC APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-07 12:20:54 +01:00
Manuel Pégourié-Gonnard bf5b46c1ee Fix alignment in benchmark output 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-05 10:34:17 +01:00
Manuel Pégourié-Gonnard 6ced002a69 Count allocs without side-effects 
At the end of the benchmark program, heap stats are printed, and these
stats will be wrong if we reset counters in the middle.

Also remove the function to reset counters, in order to encourage other
programs to behave correctly as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-05 10:08:59 +01:00
Manuel Pégourié-Gonnard cd4ad0c67a No need to call a function to avoid a warning. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-05 09:54:37 +01:00
Manuel Pégourié-Gonnard 68322c4594 Remove old useless function from benchmark 
This no longer makes sense since pre-computed multiples of the base
point are now static. The function was not doing anything since `grp.T`
was set to `NULL` when exiting `ecp_mul_comb()` anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-04 11:14:42 +01:00
Manuel Pégourié-Gonnard c4055446c4 Use alloc counters in memory benchmarking 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-04 10:24:01 +01:00
Manuel Pégourié-Gonnard a93aa580dc Fix build failure in benchmark in reduced configs 
The "proper" fix would be to define the function only when it's needed,
but the condition for that would be tedious to write (enumeration of all
symmetric crypto modules) and since this is a utility program, not the
core library, I think it's OK to keep unused functions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-04 09:47:54 +01:00
Andrzej Kurek 03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
paul-elliott-arm f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function 
Add list config function
 2021-12-10 18:30:06 +00:00
Ronald Cron 2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc 
Miscellaneous final changes for TLS 1.3 MVP release
 2021-12-10 17:46:47 +01:00
Jerry Yu 29ceb564f8 fix help message issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 23:38:57 +08:00
Gilles Peskine f1c30b2a94 Check return values in more places 
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:25:45 +01:00
Ronald Cron 6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu a15f3cc350 Add list_config into query_comile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:31:01 +08:00
Jerry Yu 84e63a73cd Add list_config generation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:30:57 +08:00
Gilles Peskine 1dc3c4553d
Merge pull request #5295 from paul-elliott-arm/crypt_and_hash_prog 
Add checks for return values to md functions in crypt and hash
 2021-12-09 23:32:59 +01:00
Paul Elliott ef9cccaf3c Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 17:25:04 +00:00
Paul Elliott d79d3eb736 Add checks for return values to md functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 17:18:10 +00:00
Paul Elliott 3820c150d1 Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 12:48:51 +00:00
Dave Rodgman 351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-06 17:50:53 +00:00
Xiaofei Bai d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai 6dc90da740 Rebased on 74217ee and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:12:43 +00:00
Xiaofei Bai 9539501120 Rebase and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:09:26 +00:00
Xiaofei Bai 746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Ronald Cron 74217ee03c
Merge pull request #5202 from xkqian/pr/add_rsa_pkcsv15 
Pr/add rsa pkcsv15
 2021-11-26 08:07:11 +01:00
Gilles Peskine a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test 
dlopen test
 2021-11-25 22:03:27 +01:00
XiaokangQian 4d2329fd8a Change code based on reviews 
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
XiaokangQian 25476a48b9 Change code based on review 
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 14:01:21 +00:00
XiaokangQian ff5f6c8bb0 Refine test code and test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 08:49:51 +00:00
XiaokangQian f977e9af6d Add componet test and rsa signature options 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 07:19:23 +00:00
XiaokangQian bdf26de384 Fix test failure and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 09:52:56 +00:00
XiaokangQian 4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
paul-elliott-arm 61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak 
ssl_client2, ssl_server2: add check for psa memory leaks
 2021-11-17 11:54:44 +00:00
Gilles Peskine 834d229117 Fix dynamic library extension on macOS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-12 14:30:22 +01:00
Gilles Peskine 7fb54c5674 More explicit output for the test program 
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 21:08:28 +01:00
Gilles Peskine b6a0299708 Avoid undefined variable warning without MBEDTLS_MD_C 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:11:32 +01:00
Gilles Peskine 88e3e70df5 Use CMake's knowledge of what system library has dlopen() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:10:27 +01:00
Gilles Peskine f80a029f28 Don't build dlopen when building for Windows 
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine 5dbee582a3 Only link with libdl on Linux 
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine ca144597e8 Run the dlopen test in shared library builds 
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine a7c247e87d New test app for dynamic loading of libmbed* with dlopen 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Przemyslaw Stekiel d6914e3196 ssl_client2/ssl_server2: Rework ordering of cleanup 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel 505712338e ssl_client2: move memory leak check before rng_free() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 14:19:52 +01:00
Przemyslaw Stekiel 53de2622f3 Move psa_crypto_slot_management.h out from psa_crypto_helpers.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel bbb22bbd9e ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard 0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups 
Add mbedtls_ssl_conf_groups to API
 2021-11-02 10:49:09 +01:00
Brett Warren 25386b7652 Refactor ssl_{server2,client2} for NamedGroup IDs 
Signed-off-by: Brett Warren <brett.warren@arm.com>
 2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel fed825a9aa ssl_client2, ssl_server2: add check for psa memory leaks 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard 4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake 
Generated files cmake
 2021-10-28 09:23:41 +02:00
Manuel Pégourié-Gonnard 475bfe626e
Merge pull request #5108 from gilles-peskine-arm/base64-no-table-3.0 
range-based constant-flow base64
 2021-10-27 12:18:21 +02:00
Manuel Pégourié-Gonnard 9317e09d15
Merge pull request #5007 from mprse/pk_opaque 
Add key_opaque option to ssl_server2.c + test
 2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel c2d2f217fb ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-26 12:24:34 +02:00
Gilles Peskine 680747b868 Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00