Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes#4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.
Change the order can fix that.
issue: #4844
Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`
issues: #4844
Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Commit removes code dependent on
MBEDTLS_SSL_TRUNCATED_HMAC from SSL
client and sever example programs.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Conflicts:
include/mbedtls/ssl.h
include/psa/crypto_struct.h
Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
This commit makes the API
- mbedtls_ssl_get_output_max_frag_len()
- mbedtls_ssl_get_input_max_frag_len()
- mbedtls_ssl_get__max_frag_len()
for querying the state of the Maximum Fragment Length
extension internal.
Rationale: The value those APIs provide to the user is in
upper bounds for the size of incoming and outgoing records,
which can be used to size application data buffers apporpriately
before passing them to mbedtls_ssl_{read,write}(). However,
there are other factors which influence such upper bounds,
such as the MTU or other extensions (specifically, the
record_size_limit extension which is still to be implemented)
which should be taken into account.
There should be more general APIs for querying the maximum
size of incoming and outgoing records.
For the maximum size of outgoing records, we already have such,
namely mbedtls_ssl_get_max_out_record_payload().
For the maximum size of incoming records, a new API will be
added in a subsequent commit.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
lines where development made a change unrelated to MBEDTLS_SHAxxx and our
branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
`MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
no change to what the test does. Pick the other branch's dependency
changes then apply our SHA dpeendency change.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.
check_config is the only module which enforces that SHA512 is
enabled together with SHA384.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This function was introduced before ssl_test_common_source.c and so the
function is replicated in both ssl_client2.c and ssl_server2.c. Move
the function to ssl_test_common_source.c to avoid duplication.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
