mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 11:54:02 +00:00

Author	SHA1	Message	Date
Ronald Cron	a1b8f6e914	ssl-opt.sh: Do not force TLS 1.3 on client For TLS 1.3 tests, do not force TLS 1.3 version on client to play the negotiation game whenever possible. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f3b425bbde	ssl-opt.sh: Force TLS 1.2 on server To maximize the number of tests where MbedTLS client proposes both TLS 1.2 and TLS 1.3 to the server, force the TLS 1.2 version on the server side rather than on the client side in TLS 1.2 specific tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f660655b84	TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Paul Elliott	571f1187b6	Merge pull request #5642 from mprse/ecp_export Add ECP keypair export function	2022-03-29 17:19:04 +01:00
Dave Rodgman	1c41501949	Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal SECLIB-667: Accelerate SHA-512 with A64 crypto extensions	2022-03-29 15:34:12 +01:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	de1adee51a	Rename ssl_cli/srv.c Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard	39f2f73e69	Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing Restore full TLS compatibility testing	2022-03-28 18:31:17 +02:00
Ronald Cron	e44d8e7eea	Merge pull request #5369 from xkqian/add_2nd_client_hello Add 2nd client hello	2022-03-28 12:18:41 +02:00
XiaokangQian	5c252620c5	Move MAC-ALL to self._ciphs in ssl-opt.sh Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-28 08:53:45 +00:00
Przemek Stekiel	6a478ef054	mbedtls_ecp_group_cmp: change names of parameters to more suitable Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-28 07:25:12 +02:00
XiaokangQian	2e17fb8c93	Change code base on comments Add all of the group pairs for hrr cases Re-order some parameters Change-Id: Id7e131d1ed4279bbd586613800df7bd87dfa4c54 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-28 03:30:05 +00:00
Gabor Mezei	ed6d6589b3	Use hash algoritm for parameter instead of HMAC To be compatible with the other functions `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` use hash algorithm for parameter. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:28:06 +01:00
Gabor Mezei	07732f7015	Translate from mbedtls_md_type_t to psa_algorithm_t Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:04:19 +01:00
Gabor Mezei	5d9a1fe9e9	PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support is always enabled. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 15:47:15 +01:00
Ronald Cron	618955d381	compat.sh: Fix check for OpenSSL support If OpenSSL does not support a mode (tls12 or dtls12 or tls13) just skip the tests involving OpenSSL. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Ronald Cron	2c74ff629d	compat.sh: Restore full TLS compatibility testing Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
XiaokangQian	a1931448f0	Update hrr test cases generation code without change class Change-Id: I38f620213bf5349d33ecad080538294633f85566 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 11:58:22 +00:00
XiaokangQian	eff93f947d	Rebase code to latest and solve conflicts Change-Id: Id89af63e5d63347f6365c87b2aed419cc31fe0d4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 10:47:55 +00:00
XiaokangQian	8031ba7fbf	Update code base on comments Change run title Remove dedicate ciphersuite and sig alg Update test cases Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 09:27:53 +00:00
Manuel Pégourié-Gonnard	cefa904759	Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor Accessor for mbedtls_timing_delay_context final delay	2022-03-25 09:14:41 +01:00
XiaokangQian	83f818811e	Update test cases in tls13-compat.sh Change-Id: I5e080b3343492dd80ede1305f95d4b5b98cd44a3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:12:35 +00:00
XiaokangQian	68a87e4606	Remove the option r in generate_tls13_compat_tests.py Integrate two options into one Use one dedicate cipher suite TLS_AES_256_GCM_SHA384 Use on dedicate signature algorithm ecdsa_secp384r1_sha384 Change-Id: Icbe39b985e1942edc4b1e37ce3352eed4f316ab7 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:09:29 +00:00
XiaokangQian	20438976f9	Change comments and styles base on review Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:09:29 +00:00
XiaokangQian	af56fd3b9d	Disable some reported warnings in pylint Change-Id: Ia01e4a425f8b8d83be53d02885cf8ae4cbb20c98 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:08:01 +00:00
XiaokangQian	b9cd73f640	Fix errors from pylint Change-Id: I6cbbf8a0b0acedf651fada6ab54fa03dc4ad9cf5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:06:57 +00:00
XiaokangQian	7069cbc8d5	generate all tls13 hrr test cases for compatible mode Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:06:08 +00:00
Paul Elliott	42d5e51a98	Make test function name more accurate Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-24 19:41:28 +00:00
Paul Elliott	27b0d94e25	Use mbedtls_ssl_is_handshake_over() Switch over to using the new function both internally and in tests. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-24 14:43:52 +00:00
Jerry Yu	72d81e56b6	Add cert_sig_algs into offered list Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-24 22:13:57 +08:00
Jerry Yu	7de79850c9	Add cert_sig_algs for compat generate script Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-24 20:09:00 +08:00
Tom Cosgrove	226aca195f	Fix running of all.sh on macOS Was getting 'dd: unknown operand status' Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:56 +00:00
Tom Cosgrove	87fbfb5d82	SECLIB-667: Accelerate SHA-512 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:53 +00:00
Jerry Yu	f8aa9a44aa	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 20:54:38 +08:00
Jerry Yu	5fb7d176f3	Replace rsakey to 2048bits for test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:16:53 +08:00
Jerry Yu	cef3f33012	Guard rsa sig algs with rsa_c and pkcs1_v{15,21} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 23:16:42 +08:00
Jerry Yu	701656fb29	fix redefine error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:52:05 +08:00
Jerry Yu	e2c882518c	Add pk_sign_ext unit tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:24:19 +08:00
Jerry Yu	5512ad9df8	fix genkey fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	92339d25b4	Add more unit test for pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	b3bfe9f5d2	Add verify for pk_sign_ext test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	5a0afc8a12	fix test fail for pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	20f9f819bb	Remove use_psa_crypto in test scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	1f45b67474	Add unit tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	79c004148d	Add PSA && TLS1_3 check_config Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00

... 3 4 5 6 7 ...

6617 Commits