Commit Graph

10655 Commits

Author SHA1 Message Date
Andrzej Kurek
7ad75b6a22 Increase the min hs timeout in one of the ssl_opt tests
This triggered some spurious CI failure, where
the network is flaky. Increasing the min value,
leaving the max at the same distance should 
account for this.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-14 06:17:40 -05:00
Andrzej Kurek
5ef12c0cbc
Merge pull request #4016 from AndrzejKurek/baremetal-ci-spurious-resend
Fix spurious resend in one of the ssl-opt.sh tests.
2021-01-13 21:58:49 +01:00
Andrzej Kurek
95b87f32f6 Increase the min hs timeout in one of the ssl_opt tests
This triggered some spurious CI failure, where
the network is flaky. Increasing the min value,
leaving the max at the same distance should 
account for this.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-12 07:49:41 -05:00
Andrzej Kurek
d7073d9290
Merge pull request #3979 from AndrzejKurek/coverity-seg-fault-context
Fix the usage of ssl context after its nullified
2021-01-05 12:47:41 +01:00
Andrzej Kurek
ffe07bf020
Merge pull request #3977 from AndrzejKurek/fi-missing-volatile
FI variables missing 'volatile'
2021-01-05 12:05:52 +01:00
Andrzej Kurek
42ed2d3c59 Fix the usage of ssl context after its nullified
Previously, it was possible to access a null pointer
even though the given configuration should work.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-04 09:36:53 -05:00
Andrzej Kurek
17c3531b4b Add missing volatile identifiers before fi-related variables
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-31 09:56:42 -05:00
Andrzej Kurek
165564de07
Merge pull request #3946 from AndrzejKurek/optimized-key-exchange
Key exchange optimizations
2020-12-23 20:03:17 +01:00
Andrzej Kurek
5d3d2327ce Introduce additional fault injection protection to ssl_cli.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-23 03:45:53 -05:00
Andrzej Kurek
25997053a8 Introduce FI protection to ssl client handshake step handling
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-23 03:34:24 -05:00
Andrzej Kurek
ad3c4ffb56 Add an "SSL" infix to MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 08:11:36 -05:00
Andrzej Kurek
6b5c9a3744 Add an "SSL" infix to MBEDTLS_EARLY_KEY_COMPUTATION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 08:02:59 -05:00
Andrzej Kurek
4f5549f595 Add an "SSL" infix to MBEDTLS_IMMEDIATE_TRANSMISSION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 07:56:57 -05:00
Andrzej Kurek
df6e684460 Add a valgrind test for baremetal config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 07:45:43 -05:00
Andrzej Kurek
0719b3c129 Add output flushing after each message transmission
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-19 17:15:52 -05:00
Andrzej Kurek
e6c3aa7e7b Fix minor issues and clean up the code
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 15:06:42 -05:00
Andrzej Kurek
e2134ed4b1 Fix certificate management when freeing handshake
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 11:23:19 -05:00
Shelly Liberman
a981a9605d
Merge pull request #3961 from shelib01/random_buf_fix
fix flow control check
2020-12-16 10:35:22 +02:00
Andrzej Kurek
38c7f2d32f Refactor the immediate transmission feature
The original way or handling it did not cover
message fragmentation or retransmission.
Now, the messages are always appended
to the flight and sent immediately, using 
the same function as normal flight 
transmission.
Moreover, epoch handling is different for this feature,
with a possibility to perform the usual retransmission
using previous methods. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 18:17:31 -05:00
Andrzej Kurek
d886d9f93c Fix freeing uninitialized fields from the ssl context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
9627202d3a Move MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION to baremetal config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
5ac3a50924 DTLS: disable datagram packing tests when immediate transmission is on
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
c3dde3f2f9 Fix unreachable code error
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
52e08cbcb2 Fix unused parameters and ifdefs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
777d4217f1 Fix define and function names to conform to Mbed TLS rules
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
b22e64045b Update generated files
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
131512440e Move the new config optimization defines to be optional
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Hannes Tschofenig
32846c62ac Moving the ecdhe_computed variable into the handshake structure 2020-12-15 12:50:37 +01:00
Hannes Tschofenig
34630562cd Making sure that the ECDHE pre-computation is only done once. 2020-12-15 12:33:45 +01:00
Shelly Liberman
699aebecb9 fix flow control check
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-12-14 18:57:52 +02:00
Andrzej Kurek
cee7ee86af
Merge pull request #3956 from shelib01/aes_masking_fix
AES masking bug fix
2020-12-14 09:37:12 +01:00
Shelly Liberman
51701bb4af aes masking bug fix
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-12-13 18:32:09 +02:00
Andrzej Kurek
25d0202ac5
Merge pull request #3941 from AndrzejKurek/tinycrypt-ecdsa-signature
Add ECDSA signature generation tests to tinycrypt
2020-12-08 06:18:33 -05:00
Andrzej Kurek
3e80b1a657 Fix compilation errors when building sign_with_k test function
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-07 08:54:50 -05:00
Hannes Tschofenig
c162895030 Add call to mbedtls_x509_crt_free() 2020-12-07 11:04:09 +01:00
Andrzej Kurek
bef771bf50 Add ECDSA signature generation tests to tinycrypt
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-04 09:54:11 -05:00
Andrzej Kurek
fca6731ddd
Merge pull request #3934 from AndrzejKurek/tinycrypt-ecdsa-test-vectors
Add NIST CAVP FIPS 186-4 test vectors for tinycrypt ecdsa
2020-12-04 09:47:00 -05:00
Hannes Tschofenig
e151a3528a Adding early ECDHE key generation to ssl_cli.c 2020-12-03 17:37:49 +01:00
Hannes Tschofenig
c34d9cf37a Adding storage for public key to handshake_params 2020-12-03 17:37:06 +01:00
Hannes Tschofenig
77cddb3ef7 Adding early key computation config option 2020-12-03 17:36:00 +01:00
Hannes Tschofenig
3cb3db7961 Adding early key computation config check 2020-12-03 17:35:50 +01:00
Hannes Tschofenig
2279ffd2a0 Adding immediate message transmission 2020-12-03 15:52:35 +01:00
Hannes Tschofenig
dfa4bae320 Adding immediate transmission option 2020-12-03 15:49:35 +01:00
Hannes Tschofenig
cb6410c67d Wrapper function for calling parse_certificate_verify 2020-12-03 15:48:55 +01:00
Hannes Tschofenig
635f86874f Adding delayed server cert verification to client state machine 2020-12-03 15:48:32 +01:00
Hannes Tschofenig
4f8c88312c Adding wrapper function for certificate verification function 2020-12-03 15:48:12 +01:00
Hannes Tschofenig
f336c7ea71 Adding delayed server cert verification config option 2020-12-03 15:47:47 +01:00
Hannes Tschofenig
c7f6d7f75c Making sure that keep peer certificate option is set when server cert verification is used. 2020-12-03 15:47:31 +01:00
Andrzej Kurek
bbd1c38ad6 Add NIST CAVP FIPS 186-4 test vectors for tinycrypt ecdsa
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-02 11:44:54 -05:00
Andrzej Kurek
b0b1cdc059
Merge pull request #3932 from AndrzejKurek/tinycrypt-ecdh-test-vectors
Tinycrypt - ecdh test vectors
2020-12-02 11:43:35 -05:00