mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-11 09:40:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,866 Commits 170 Branches 263 Tags
Commit Graph

30866 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Valerio Setti
1c7f5dea8b pk: fix documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:39:12 +02:00
Valerio Setti
ab38fc7c11 test_suite_pk: minor code fixes and comments improvements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-03 14:10:36 +02:00
Valerio Setti
3e22bf2a31 generate_test_keys.py: minor improvements 
- remove BEGIN_FILE/END_FILE lines from output header file.
- add single disclaimer at the beginning of the file instead
  of having it repeated for every array.
- improved exception message for missing key generation program.

This commits also regenerates "test_keys.h" in order to fully
comply with the new format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-03 14:10:36 +02:00
Ronald Cron
cf47a15e96 ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:46:52 +02:00
Ronald Cron
dd96c0a2df all.sh: Use full instead of default as the base for the new component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:46:44 +02:00
Ronald Cron
3d0f182a41 ssl-opt.sh: Fix some test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:05:00 +02:00
Tom Cosgrove
a2c45dc713 Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:51:47 +01:00
Valerio Setti
26bc9c2fb8 test_suite_pk: fix guards 
Now that key generation has been replaced with parsing predefined
keys, guards for MBEDTLS_PK_PARSE_C need to be added in test
code.
This commits also removes remaining usage of GENPRIME.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 15:27:50 +02:00
Ronald Cron
c5e81d2e64 Use latest installed OpenSSL 3 as OPENSSL_NEXT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 15:20:41 +02:00
Ronald Cron
ceea3e26c6 ssl-opt.sh: Adapt tests to OpenSSL 3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 14:30:26 +02:00
Ronald Cron
9785cf1821 Add RSA key certificates 
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 14:28:35 +02:00
Ronald Cron
d64fcee58c tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 12:25:56 +02:00
Valerio Setti
390f276822 pk: fix unused variable in copy_from_psa() 
key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS
are defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 11:31:33 +02:00
Valerio Setti
7126ba52e0 test_suite_pk: add python script to generate predefined keys 
This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.

tests/src/test_keys.h is automatically generated using the
above mentioned script.

test_suite_pk is updated in order to use the new format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 10:11:34 +02:00
Paul Elliott
30978ec650
Merge pull request #8874 from stevenwdv/development 
Fix compilation on macOS without apple-clang
 2024-03-29 13:59:36 +00:00
Valerio Setti
28c41ad2e9 test_suite_pk: simplify pk_psa_genkey() 
Instead of using PK module to import/export the key in a PSA friendly
format:

- for RSA keys we use the DER input data directly;
- for EC keys we extract the private key manually.

This helps avoiding dependencies from PK_WRITE and PK_PARSE.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-29 12:47:33 +01:00
Valerio Setti
d8896d650f test_suite_pk: simplify pk_genkey() 
Add pk_info parameter in order to ease the requirements on the provided
PK context. Now it can simply be initialized, but not setup.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-29 09:50:20 +01:00
Valerio Setti
fdef82c9de test_suite_pk: fix key_id initialization value 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-28 16:10:34 +01:00
Valerio Setti
56708133ea test_suite_pk: use look-up table instead of file for the predefined keys 
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-28 16:10:13 +01:00
minosgalanakis
e146940714
Merge pull request #1216 from Mbed-TLS/mbedtls-3.6.0_mergeback 
Mbedtls 3.6.0 mergeback
 2024-03-28 14:31:03 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b2878f1c08b8f96fe35e2812367e32ef3.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Valerio Setti
5b94a02535 test_suite_pk: remove PSA_WANT_KEY_TYPE_[ECC/RSA]_KEY_PAIR_GENERATE dependencies 
EC and RSA keys are now loaded from a file so there is no need
to generate them at runtime.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:37:41 +01:00
Valerio Setti
d44f99a8a5 test_suite_pk: modify pk_psa_genkey() in order to use predefined keys 
Use predefined keys instead of generating them at runtime as already
done for pk_genkey().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:37:40 +01:00
Valerio Setti
c43a7a522e test_suite_pk: use a single helper function to generate PSA keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:36:15 +01:00
Valerio Setti
414daf1d07 test_suite_pk: modify pk_genkey() in order to use predefined keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:36:14 +01:00
Valerio Setti
561e29e5da test-data: add predefined RSA and EC keys 
Automatically generated with the following bash script:

```
LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1
    brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448"

for item in $LIST; do
    ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der
done

LIST="1024 1026 1028 1030 2048 4096"

for item in $LIST; do
    ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der
done
```

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:33:30 +01:00
Ronald Cron
ceae4f85ea ssl-opt.sh: Add tests where tickets are ignored 
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
7df18bc210 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
4f1c9278cc ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
d30e91150e all.sh: Add component testing default minus session tickets 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
161e14faf6 tests: ssl: Fix dependencies of TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
8d15e0114b tests: ssl: Add hostname checks in session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:31 +01:00
Ronald Cron
ad0ee1a7c4 tests: ssl: Remove redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:18:04 +01:00
Ronald Cron
18b92a1aec tests: ssl: Fix session field guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:07:50 +01:00
Norbert Fabritius
d36913a58f Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
8ceeff95e9 Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
d60aef0f1b Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Ronald Cron
1f045f3a0c tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
96eed725e1 Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
minosgalanakis
2ca6c285a0
Merge pull request #1215 from Mbed-TLS/mbedtls-3.6.0rc1-pr 
Mbedtls 3.6.0rc1
v3.6.0 mbedtls-3.6.0 		2024-03-26 14:58:02 +00:00
Minos Galanakis
078f823843 Merge pull request #8990 from tom-cosgrove-arm:record-size-limit-support-is-now-released 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-26 12:32:00 +00:00
Minos Galanakis
a11b9d69dd Merge pull request #8989 from tom-cosgrove-arm:fix-typo-in-psa_key_production_parameters_t-doc 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-26 12:31:38 +00:00
Tom Cosgrove
f02c6ef86d Fix typo in psa_key_production_parameters_t doc: 65535 should be 65537 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-03-26 12:25:07 +00:00
Tom Cosgrove
1b3b1743f5 Record size limit support is released, so remove warning about only for testing 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-03-26 12:23:49 +00:00
Valerio Setti
ec2cfb042c test_suite_pk: test check_pair() also with opaque RSA keys 
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-25 14:46:45 +01:00
Valerio Setti
f9f63edbe4 pk: fix typos in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-25 09:38:05 +01:00
minosgalanakis
7424296082
Merge pull request #1213 from Mbed-TLS/mbedtls-3.6.0rc0-pr 
Mbedtls 3.6.0 Release Candidate
 2024-03-22 22:50:33 +00:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Minos Galanakis
8d94aec75c Fix some Changelog typos 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Valerio Setti
ac81e23c33 pk: add check_pair info to mbedtls_pk_setup_opaque() documentation 
This also updates use-psa-crypto.md accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:41 +01:00