cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-01 01:16:36 -04:00
Code Issues Packages Projects Releases Wiki Activity
29,659 Commits 7 Branches 115 Tags
Commit Graph

29659 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
c57f86e132 Add ticket creation time to TLS 1.2 session serialization 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
d1c106c787 Define ticket creation time in TLS 1.2 case as well 
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
feb577a949 Fix TLS 1.2 session serialization on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
7b1921ac57 Add endpoint in TLS 1.2 session serialization data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
17ef8dfddb ssl_session: Define unconditionally the endpoint field 
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
ba5165e09a ssl_ticket.c: Fix ticket lifetime enforcement 
Take into account that the lifetime of
tickets can be changed through the
mbedtls_ssl_ticket_rotate() API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:15 +01:00
Ronald Cron
e34f124ff1 ssl_ticket.c: Remove pedantic server endpoint check 
When calculating the ticket age, remove the check
that the endpoint is a server. The module is
supposed to be used only server side. Furthermore,
if such check was necessary, it should be at the
beginning of all ssl_ticket.c APIs. As there is no
such protection in any API, just remove the check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:56:40 +01:00
Ronald Cron
3c3e2e62f6 ssl_ticket.c: Remove TLS server guard 
The ticket module is removed from the build
if the TLS server is not in the build now
thus no need for the guard.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:54:29 +01:00
Ronald Cron
ce72763f78 ssl_ticket.c: Remove client code 
ssl_ticket.c is a server module.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:52:55 +01:00
Ronald Cron
d1100b0b45 Disable ticket module when useless 
Disable ticket module if either the TLS
server or the support for session tickets
is not enabled at build time as in that
case the ticket module is not used by the
TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:50:31 +01:00
Dave Rodgman
67223bb501 add support for AES-CTR to benchmark 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-12 18:33:57 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile 
TLS: remove RSA signature algorithms in `suite B` profile
 2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:52:45 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV 
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:50:25 +00:00
Ryan Everett
86d5347930 Mention PK parse in changelog 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-12 10:31:31 +00:00
Ryan Everett
a90378c425 Restore previous version of rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-12 10:24:00 +00:00
Kusumit Ghoderao
153586a3d5 change values to ULL 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-12 11:19:16 +05:30
Ryan Everett
d00a138075 Change test data for pkparse aes 
Test data generated using openSSL with:
openssl pkcs8 -topk8 -v2 $ENC -v2prf hmacWithSHA384 -inform PEM
-in $IN -outform PEM -out $OUT -passout "pass:PolarSSLTest"

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-11 17:23:15 +00:00
Paul Elliott
3519cfb3d8
Merge pull request #8639 from bensze01/release_components 
Set OpenSSL/GnuTLS variables when running release components
 2024-01-11 15:38:35 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function 
Harmonise the names and return values of check functions in TLS code
 2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check 
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
 2024-01-11 13:34:09 +00:00
Waleed Elmelegy
85ddd43656 Improve record size limit changelog wording 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-11 11:07:57 +00:00
Manuel Pégourié-Gonnard
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api 
Add deprecated flag in document for sig_hashes
 2024-01-11 09:33:10 +00:00
Valerio Setti
19ec9e4f66 psa_crypto_ecp: remove support for secp224k1 
Since this curve is not supported in PSA (and it will not ever be
in the future), we save a few bytes.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-11 07:07:14 +01:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 23:39:54 +00:00
Ryan Everett
1f935f5027 Add AES tests to test_suite_pkparse 
Test data generated using openssl:
openssl genpkey -algorithm rsa -out $OUT -$ALG

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-10 19:34:18 +00:00
Ryan Everett
ae0b4bd04c Add more details to comments 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-10 19:19:10 +00:00
Ryan Everett
4cfd6a6bc6 Fix dependencies in pkcs5 aes-128-cbc tests 
These tests do not specify a hash function. This is an optional parameter
with default value hmacWithSHA1, so these test cases are dependant on SHA-1
and not SHA-256

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-10 19:15:45 +00:00
Kusumit Ghoderao
a7c55d5a14 fix depends on condition 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-11 00:43:48 +05:30
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development 
Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:16 +00:00
Kusumit Ghoderao
179f33a1ea add test cases with different hash algs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:10 +05:30
Kusumit Ghoderao
7d4db631cf add depends on for capacity tests and fix code style 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
f4351c1a61 correct test data 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
d3f70d321a fix unused variable warning and other fixes 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
911eafda31 add bugfix changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
83455ebcc0 disable pbkdf2_hmac set max capacity test 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
d3ae165adb Add tests for derive_full for hkdf_extract, hkdf_expand and ecjpake_to_pms 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
1da06da398 Add tests for derive_set_capacity for pbkdf and ecjpake_to_pms 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
604e1cbbe7 Change error status for invalid HKDF alg 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
2c4264bd41 Add hkdf_extract, hkdf_expand and ecjpake_to_pms cases 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
9ffd397e4c Increase input parameter type and buffer size 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
86e83dd4a7 Add kdf_set_max_capacity function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
a0907f5750 Reorder and correct comment 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
4aa6b36a35 add tests for derive_full and derive_set_capacity 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
5f3a938d95 Fix psa_key_derivation_setup_kdf 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
1487760b55 Change order of checking of record size limit client tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
09561a7575 Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
a3bfdea82b Revert "Make sure record size limit is not configured without TLS 1.3" 
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00