mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-25 13:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,198 Commits 173 Branches 267 Tags
Commit Graph

1229 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
aa80f5380c Use libary default in ssl_client2 for new_session_tickets 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-06 10:06:38 +02:00
David Horstmann
9f10979853 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-08-28 20:48:27 +01:00
Ronald Cron
9f44c883f4 Rename some "new_session_tickets" symbols 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 17:47:46 +02:00
Ronald Cron
d67f801c63 Do not add a new field in the SSL config 
We cannot add a new field in SSL config in
an LTS. Use `session_tickets` field instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 10:41:54 +02:00
Ronald Cron
57ad182644 ssl_client2: Fix new_session_tickets option parsing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 10:30:24 +02:00
Ronald Cron
23303a47f4 Enable TLS 1.3 ticket handling in resumption tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-27 16:20:40 +02:00
Gilles Peskine
cd4da16eea Don't call psa_crypto_init in test programs when not required for TLS 1.3 
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.

This commit changes our test programs to validate that the library
does not have the compatibility-breaking requirement.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-25 10:44:39 +02:00
Gilles Peskine
4002e6fdee Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted 2024-08-23 11:15:11 +02:00
Manuel Pégourié-Gonnard
013d0798c0 Always print detailed cert errors in test programs 
Previously the client was only printing them on handshake success, and
the server was printing them on success and some but not all failures.

This makes ssl-opt.sh more consistent as we can always check for the
presence of the expected message in the output, regardless of whether
the failure is hard or soft.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-08 12:34:56 +02:00
Michael Schuster
ff4d6aea04 Use correct conditionals in programs/ssl (fix unused-function errors) 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-06 12:09:13 +01:00
Michael Schuster
82984bc1be Adjust spacing in sample programs 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-06 12:09:13 +01:00
Michael Schuster
6fa32fd12d Fix missing-prototype errors in sample programs 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-06 12:09:13 +01:00
David Horstmann
9c4dd4ee6f Update paths pointing to tests/data_files 
These now point to framework/data_files instead.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:46 +01:00
Mingjie Shen
41995bec9a ssl_mail_client: Fix code style issue 
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-04-30 13:00:35 +02:00
Mingjie Shen
623812887a ssl_mail_client: Check return value of mbedtls_snprintf 
The return value of snprintf() is the number of characters (excluding
the null terminator) which would have been written to the buffer if
enough space had been available. Thus, a return value of size or more
means the output was truncated.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-04-30 13:00:35 +02:00
Mingjie Shen
6f216e4a73 ssl_mail_client: Replace snprintf with mbedtls_snprintf 
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-04-30 13:00:34 +02:00
Mingjie Shen
73d649e089 ssl_mail_client: Fix unbounded write of sprintf() 
These calls to sprintf may overflow buf because opt.mail_from and opt.mail_to
are controlled by users. Fix by replacing sprintf with snprintf.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-04-30 13:00:33 +02:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
Ronald Cron
7201bc6b05 ssl_client2: Fix early data log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 16:03:09 +01:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Valerio Setti
90eca2adb0 ssl_test_lib: add guards for pk_wrap_as_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-28 10:45:43 +01:00
Valerio Setti
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests 
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 10:44:33 +01:00
Gilles Peskine
7f72a06e02 Remove cruft 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:41:25 +01:00
Gilles Peskine
74589ba31c ssl_context_info: explicitly note accesses to private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:12:01 +01:00
Gilles Peskine
72da8b3521 Don't authorize private access to fields where not actually needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:29 +01:00
Ronald Cron
0aead12706 ssl_client2: Improve loop writing early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Ronald Cron
b4fd47e897 ssl_client2: Default to library default for early data enablement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Janos Follath
028a38b7cb
Merge pull request #8661 from BensonLiou/use_init_api 
use mbedtls_ssl_session_init() to init session variable
 2024-02-19 15:49:34 +00:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface 
New test thread interface
 2024-02-08 12:35:40 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Ronald Cron
a5561893e7 ssl_client2: Add support for early data writing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
2fe0ec8c31 ssl_client2: Add buffer overflow check 
Add buffer overflow check to build_http_request().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
ccfaefa361 ssl_client2: Switch from int to size_t 
Switch from int to size_t for some
data lengths and counter local
variables.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
4e1bd470fb ssl_client2: Move code to build http request 
Move code to build http request into a
dedicated function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
54a3829453 ssl_client2: Simplify early_data option 
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Paul Elliott
7fd162ec26 Refactor common PThreads CMake code 
Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-24 18:05:53 +00:00
Paul Elliott
85ea3e623b Set preferences before finding Threads in CMake 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-19 15:57:22 +00:00
Valerio Setti
e8683ce9ef ssl_test_lib: add guards for enabled DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Ronald Cron
d1c106c787 Define ticket creation time in TLS 1.2 case as well 
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Paul Elliott
4068c7e47c Link programs with pthread via cmake 
All programs are now linked directly with all test code, thus adding a
pthread abstraction into the test code means having to link the programs
with pthread (if the library is found under cmake).

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-05 21:04:52 +00:00
Paul Elliott
17c119a5e3 Migrate to threading_helpers.h 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-05 21:04:52 +00:00
Paul Elliott
4580d4d829 Add accessor helpers for mbedtls_test_info 
Step one of being able to control access to mbedtls_test_info with
a mutex.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-05 19:13:43 +00:00
Benson Liou
6d0a093582 use mbedtls_ssl_session_init() to init session variable 
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
 2023-12-27 22:03:24 +08:00
Gilles Peskine
a211bb7f01
Merge pull request #8596 from xkqian/tls13_early_data_input_file 
Change early data flag to input file
 2023-12-11 21:14:57 +00:00
Xiaokang Qian
a9581d2d5f Fix CI failure of uninitialized fp 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-11 01:50:34 +00:00