yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
23193 commits 89 branches 205 tags 114 MiB
Commit graph

2340 commits

Author SHA1 Message Date
Andrzej Kurek 0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Dave Rodgman 1577c548d1 Use NULL instead of 0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-09 10:22:15 +01:00
Nayna Jain 106a0afc5a pkcs7: provide fuzz harness 
This allows for pkcs7 fuzz testing with OSS-Fuzz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Jerry Yu 0203534c64 Add session save after got new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Ronald Cron e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Andrzej Kurek dcce505a08 Add a missing guard in an example program 
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-30 17:56:08 -04:00
Manuel Pégourié-Gonnard bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured 
Remove the dependency on MD from TLS 1.2 tests
 2022-08-30 12:34:37 +02:00
Manuel Pégourié-Gonnard a84ce3fa81
Merge pull request #6111 from superna9999/6101-programs-dont-build-with-libtestdriver-and-use-psa 
Programs don't build with libtestdriver and USE_PSA
 2022-08-30 12:29:01 +02:00
Dave Rodgman c5e0a8a890 Add missing error message 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman 64937856e0 Correct order of extended key usage attributes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman 18b02d35d6 Remove redundant sig_alg argument 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman 2ee7bbd10a Replace some constant values with sizeof 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman 5f3f0d06e6 Address minor review comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman ec9f6b4de1 Fix minor compile errors 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Nicholas Wilson 99a96b1c22 Improve programs/cert_write with a way to set the signature digest 
This is useful for generating SHA-1 and MD5 certificates for test
purposes.  I guess RSA-PSS could be added too, but I don't need that
now.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:08:43 +01:00
Nicholas Wilson 8e5bdfbbcf Improve programs/cert_write with a way to set extended key usages 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:08:43 +01:00
Jerry Yu c5a23a0f12 fix various issues 
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-25 11:09:35 +08:00
Andrzej Kurek cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Andrzej Kurek 8c95ac4500 Add missing dependencies / alternatives 
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Jerry Yu 5d01c05d93 fix various issues 
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:01 +08:00
Jerry Yu 2b7a51ba8f Add psk_or_ephemeral mode and tests 
psk_or_ephemeral exists in theory. This change is for
improving test coverage.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:51:53 +08:00
Jerry Yu 62c8763de7 Improve macro expansion help message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 10:18:36 +08:00
Jerry Yu 08dccc1f75 Improve help message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-10 10:02:04 +08:00
Neil Armstrong 9bb8e0d3c5 Fix fuzz_privkey build without MBEDTLS_ENTROPY_C defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-08 13:56:13 +02:00
Jerry Yu 2fcb056ea9 Add requires_{any,all}_configs_enabled functions 
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-31 12:23:39 +08:00
Jan Bruckner 25fdc2addb Fix minor typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2022-07-26 10:52:46 +02:00
Jerry Yu 2b4f02d7fb Add new_session_ticket err handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Paul Elliott 7adb8cbc0e Revert "Add generated files for 3.2.0 release" 
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 18:18:30 +01:00
Paul Elliott cb21f2eab3 Add generated files for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Ronald Cron ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott 41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Ronald Cron 0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Paul Elliott bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Paul Elliott ff15dbab4c Make definition order a bit neater 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-01 16:30:08 +01:00
Gilles Peskine 6d576c9646 Call setbuf when reading or writing files: programs 
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:06:11 +02:00
Jerry Yu cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00
Jerry Yu 202919c23d refine supported sig alg print 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:29 +08:00
Jerry Yu 64f410c246 Add tls13 sig alg parameters 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu a1255e6b8c fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu 9bb3ee436b Revert rsa_pss_rsae_* support for tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu 3896ac6e5b fix ordered sig algs fail for openssl 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:06 +08:00
Jerry Yu 9f4cc5ff65 Add pss_rsae sig algs into test conf 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:41 +08:00
Glenn Strauss bd10c4e2af Test accessors to config DN hints for cert request 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-29 02:54:28 -04:00
Gilles Peskine 0ff241a1ea Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-25 14:29:23 +02:00
Ronald Cron ba65fbbe30 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-22 17:36:12 +02:00
Ronald Cron 903c979376 programs: ssl: Add one RSA PSS signature algorithm 
Add one RSA PSS signature algorithm to the
test list of signature algorithms. This allows
certificate chains exposing an RSA key with
signatures using SHA-1 to be used in tests
where an TLS 1.3 handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-17 08:45:30 +02:00
Ronald Cron 4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases 
Tls13 add comprehensive cases
 2022-06-15 09:18:11 +02:00
Gilles Peskine f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program 
Rewrite x25519 example program
 2022-05-31 11:27:22 +02:00
XiaokangQian d5d5b60c07 Add comprehensive test cases for TLS1.3 server side 
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 02:51:26 +00:00
Thomas Daubney 413550c529 Change memcmp call 
Previous call used sizeof() function which is not needed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-23 16:11:31 +01:00
Thomas Daubney 70c0088239 Change use of olen variables 
Removed olen variable in favour of storing olens for
client and server separately.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-20 18:46:10 +01:00
bootstrap-prime 6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Thomas Daubney 306a89094a Add additional error checking 
Initialise client and server secret buffers and check their
lengths.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-18 15:26:39 +01:00
Thomas Daubney ec2ec42828 Fix formatting 
Line up function parameters.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-18 10:23:20 +01:00
Thomas Daubney 64042b8d3d Fix typo 
Fix typo that was caught during review.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-18 09:59:55 +01:00
Dave Rodgman d87e46f3de
Merge pull request #3641 from okhowang/c99 
Pass c99 to compiler
 2022-05-12 14:01:10 +01:00
Manuel Pégourié-Gonnard 9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031 
Remove prompt to exit in all programs
 2022-05-12 10:50:31 +02:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Dave Rodgman faef649dec Fix Ubuntu compile error in udp_proxy.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 19:55:45 +01:00
josesimoes 23419560c9 Remove prompt to exit in all programs 
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
 2022-05-06 17:11:22 +01:00
Przemek Stekiel cb20d202d2 Further code optimization 
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 09:34:30 +02:00
Przemek Stekiel 296bfba924 ssl_server2: add key_opaque_algs2 usage info 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 11:08:34 +02:00
Przemek Stekiel 1d25e076f3 ssl_client2: fix default key opaque algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 11:05:10 +02:00
Przemek Stekiel 488efa05b6 Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 134eb8b6e2 Fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 092128324f ssl_client2/ss_server2: optimize code for opaque key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 76a41f5a52 ssl_test_lib: fix compilation flags for default config 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel e5e9ba920f ssl_server2: refactor opaque code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 89132a6ab0 Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel b58c47a666 ssl_server2: use key opaque algs given from command line 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 344c561292 ssl_server2: Add support for key_opaque_algs2 command line paramtere 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel a17b5c6ba2 ssl_client: use key opaque algs given from command line 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 01396a16da ssl_test_lib: add function translate given opaque algoritms to psa 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 77fc9ab1ba Fix typos and code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 4ca0d72c3b ssl server: add key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel f1822febc4 ssl client: add key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 85d692d1c4 ssl client/server: add parsing function for key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard 068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard 67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Neil Armstrong 94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Gilles Peskine 72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Przemek Stekiel cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel 14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel 19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel fc72e428ed ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Ronald Cron 38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard 21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 
RSA sign 3b: TLS 1.2 integration testing
 2022-04-22 10:05:43 +02:00
Gilles Peskine afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
XiaokangQian 318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
Paul Elliott a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Glenn Strauss e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss 60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Neil Armstrong f0b1271a42 Support RSA Opaque PK keys in ssl_server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Thomas Daubney 88fed8e700 Rewrite ecdh_curve25519 program 
Rewrite the example ECDH x25519 program using the
high-level ECDH API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-04-12 14:37:16 +01:00
Dave Rodgman ed35887fc8
Merge pull request #2104 from hanno-arm/iotssl-2071 
Check that integer types don't use padding bits in selftest
 2022-04-11 17:26:08 +01:00
Dave Rodgman 8f5a29ae40 Improve fix for printf specifier 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-11 12:59:45 +01:00
Dave Rodgman eaba723139 Fix printf specifier 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-11 10:07:38 +01:00
Dave Rodgman e2e7e9400b Fail for types not of size 2, 4 or 8 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:30 +01:00
Hanno Becker baae59cd49 Improve documentation of absence-of-padding check 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:29 +01:00
Hanno Becker 0d7dd3cd43 Check that size_t and ptrdiff_t don't have padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:26 +01:00
Hanno Becker 4ab3850605 Check that integer types don't use padding bits in selftest 
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:45:05 +01:00
Gilles Peskine e756f642cd Seed the PRNG even if time() isn't available 
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 04:46:41 -04:00
Gilles Peskine 99a732bf0c Fix off-by-one in buffer_size usage 
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:34:36 +02:00
Gilles Peskine 8bb96d96cd Fix buffer size calculation 
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:31:05 +02:00
Dave Rodgman 017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Jerry Yu 79c004148d Add PSA && TLS1_3 check_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Dave Rodgman 2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard 10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Andrzej Kurek 541318ad70 Refactor ssl_context_info time printing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 06a00afeec Fix requirement mismatch in fuzz/common.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann 4e0cc40d0f programs/fuzz: Use build_info.h in common.h 
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann 5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME 
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
Raoul Strackx 9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Daniel Axtens f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Przemek Stekiel 3f076dfb6d Fix comments for conditional compilation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-04 09:36:46 +01:00
Glenn Strauss 48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c 
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Gilles Peskine fd222da2e9 Fix the build when MBEDTLS_PLATFORM_C is unset 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 15:26:40 +01:00
Manuel Pégourié-Gonnard 6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx 
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
 2022-02-16 09:55:01 +01:00
Paul Elliott 5d7e61fb61 Fix uninitialised return value. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref 
Ensure ctr_drbg is initialised every time in fuzz_server
 2022-02-15 10:31:03 +01:00
Paul Elliott a1dc3e5a60 Add safety to dummy_random in case of NULL context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel 169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
Paul Elliott bb0168144e Ensure valid context is used in fuzz_dtlsserver 
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-14 15:57:11 +00:00
Paul Elliott 51a7679a8e Ensure context is passed in to dummy_rand 
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-11 19:10:14 +00:00
Paul Elliott 00738bf65e Ensure ctr_drbg is initialised every time 
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-10 18:38:53 +00:00
Glenn Strauss a941b62985 Create public macros for ssl_ticket key,name sizes 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 15:28:28 -05:00
Glenn Strauss e328245618 Add test case use of mbedtls_ssl_ticket_rotate 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard 9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa 
PSA: example programs for HMAC and AEAD vs legacy
 2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard ae1bae8412 Give a magic constant a name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:36:28 +01:00
Manuel Pégourié-Gonnard c82504e22c Clean up output from cipher_aead_demo 
Used to print "cipher:" when it was the cipher part of a program that
had both cipher and PSA. Now it doesn't really make sense. Align the
output to match the PSA version of this program.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:31:36 +01:00
Manuel Pégourié-Gonnard 5e6c884315 Improve info() function in cipher_aead_demo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:29:59 +01:00
Manuel Pégourié-Gonnard 64754e1b8d Wrap long lines 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:21:14 +01:00
Manuel Pégourié-Gonnard 340808ca67 Add comments on error codes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:15:26 +01:00
Manuel Pégourié-Gonnard 48bae0295c Avoid hardcoding a size 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:14:58 +01:00
Manuel Pégourié-Gonnard cf99beb8fe Improve naming consistency 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:54:26 +01:00
Manuel Pégourié-Gonnard 6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard 1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Manuel Pégourié-Gonnard f6ea19c66c Work around bug in PSA_MAC_LENGTH() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 13:08:21 +01:00
Manuel Pégourié-Gonnard 12ec5719e7 Fix bug in md_hmac_demo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:47:46 +01:00
Manuel Pégourié-Gonnard 29088a4146 Avoid duplicate program names 
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:38:26 +01:00
Manuel Pégourié-Gonnard 6fdc9e8df1 Move aead_non_psa out of the psa/ directory 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:29:13 +01:00
Gilles Peskine cc50f1be43 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-31 22:53:30 +01:00