yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
27537 commits 89 branches 205 tags 114 MiB
Commit graph

1072 commits

Author SHA1 Message Date
Valerio Setti cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti 482a0b957f test: fix remaining disparities and remove debug leftovers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Gilles Peskine eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Manuel Pégourié-Gonnard f299efdb96 Improve a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 11:19:04 +02:00
Valerio Setti 36344cecbd ssl-opt: remove redundant requirement for RSA_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 09:37:14 +02:00
Valerio Setti 4f577f3e51 ssl-opt: add RSA_C requirement when RSA encryption is used in certificate 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 06:35:23 +02:00
Valerio Setti 726ffbf642 ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-03 09:15:34 +02:00
Gilles Peskine b387fcf59b Adapt names (curves -> groups) in a separately added test case 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-11 09:19:13 +02:00
Dave Rodgman e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases 
Record the outcome of each test case in compat.sh
 2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard 5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem 
tls13: server: Fix spurious HRR
 2023-07-10 09:58:13 +02:00
Ronald Cron 8a74f07c2a tls13: server: Fix spurious HRR 
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-07 15:53:12 +02:00
Przemek Stekiel 45255e4c71 Adapt names (curves -> groups) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel 3484db4ce7 Change ffdh testing strategy 
- Full tests generated by script only for ffdhe2048 group
- Single G->m and m->G exchange test for each other group

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-28 13:31:38 +02:00
Przemek Stekiel 7dda271c1d Fix description of functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-28 09:16:08 +02:00
Przemek Stekiel c31a798f45 Replace MBEDTLS_ECDH_C dependency in ssl-opt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-27 10:58:50 +02:00
Przemek Stekiel 8bfe897ab0 Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-26 16:33:00 +02:00
Przemek Stekiel 1f5c2ba495 Add missing ECDH dependencies in ssl-opt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:16 +02:00
Przemek Stekiel a53dca125e Limit number ffdh test cases (ffdhe2048, ffdhe8192) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 20:53:09 +02:00
Przemek Stekiel 422ab1f835 Add FFDH tests to ssl-opt 
Add FFDH support to the test case generator script: generate_tls13_compat_tests.py.
Add dependency for openssl as FFDH is supported from version 3.0.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 11:04:28 +02:00
Przemek Stekiel 75a5a9c205 Code cleanup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 09:57:23 +02:00
Przemek Stekiel 316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel 5e2f816c39 Fix test configs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel 250b9fde75 ssl-opt.sh: Add FFDH tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Tom Cosgrove ef468ea2ba
Merge pull request #6740 from xkqian/tls13_fix_unkown_pk_type 
Remove useless debug log of pk type from test cases
 2023-05-05 16:14:59 +01:00
Valerio Setti a9aafd4807 test: revert undesired debug change in ssl-opt 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 12:30:45 +02:00
Valerio Setti 6c496a1553 solve disparities for ECP_LIGHT between ref/accel 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Ronald Cron c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron 1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron d120bd646c ssl-opt.sh: Add version selection by the server tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron f95d169d60 ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests 
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron fd4c6afcb4 ssl-opt.sh: Force TLS 1.2 version 
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 92dca39196 ssl-opt.sh: Extend scope of some tests to TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 0aa1b8843f ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep 
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 65f9029741 ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron c341ad717e ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Paul Elliott d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback 
Mbed TLS 3.4.0
 2023-03-27 18:09:49 +01:00
Paul Elliott f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:35:17 +00:00
Valerio Setti 2f8eb62946 ssl-opt: remove leftover debug commands and fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti 6ba247c236 ssl-opt: solve errors in ECDH reference tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:00:51 +01:00
Dave Rodgman 0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing 
Add parsing for Record Size Limit extension in TLS 1.3
 2023-03-17 10:18:34 +00:00
Paul Elliott 646ee7ec2e Fix CI build after repo merge conflict 
After merging the driver only ECDSA work, a conflict arose between that and
the previous work re-ordering the ciphersuite preference list. We can remove
the breaking requirement on this test, as this requirement is now auto-detected
when the server5 crt is used in the server's command line.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-16 17:10:34 +00:00
Gilles Peskine 2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Jan Bruckner 151f64283f Add parsing for Record Size Limit extension in TLS 1.3 
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-03-14 08:41:25 +01:00
Paul Elliott e4622a3436 Merge remote-tracking branch 'development/development' into development-restricted 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-13 17:49:32 +00:00
Valerio Setti e7f896d73f fix extra whitespaces 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 13:55:28 +01:00
Valerio Setti 80318d2775 ssl-opt: automatically detect requirements when using certs in dir-maxpath 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 12:26:42 +01:00
Valerio Setti 77588e9451 ssl-opt: uniformize requirements in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 12:00:10 +01:00
Pengyu Lv 62ed1aa316 ssl-opt: Add test for cache entry removal 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-13 09:28:17 +08:00