Gilles Peskine
2c1442ebc0
New sample program to benchmark certificate loading
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:08:33 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
...
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
Gilles Peskine
f7946a6210
Merge pull request #5091 from gilles-peskine-arm/test_equal_verbose
...
Show values when TEST_EQUAL fails
2021-10-22 17:25:03 +02:00
Mateusz Starzyk
30bd7fa607
Change error code for MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-22 10:33:32 +02:00
Mateusz Starzyk
33d01ffe60
Remove redundant value assignemnt to olen.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 14:55:59 +02:00
Gilles Peskine
89615eefe7
Show values when TEST_EQUAL fails
...
When TEST_EQUAL fails, show the two numerical values in the test log (only
with host_test). The values are printed in hexa and signed decimal.
The arguments of TEST_EQUAL must now be integers, not pointers or floats.
The current implementation requires them to fit in unsigned long long
Signed values no larger than long long will work too. The implementation
uses unsigned long long rather than uintmax_t to reduce portability
concerns. The snprintf function must support "%llx" and "%lld".
For this purpose, add room for two lines of text to the mbedtls_test_info
structure. This adds 154 bytes of global data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 22:32:44 +02:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
...
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
...
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
e7997c494b
Merge pull request #5085 from daverodgman/fix_naming
...
Fix naming examples in TLS 1.3 style guide
2021-10-18 17:52:07 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
...
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Dave Rodgman
c8aaac89d0
Fix naming examples in TLS 1.3 style guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-10-18 13:00:51 +01:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
...
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
0d4640ad90
Merge pull request #4984 from gilles-peskine-arm/check-names-files
...
check_names.py: more robust handling of excluded files
2021-10-15 13:33:50 +02:00
Przemyslaw Stekiel
316c4fa3ce
Address review comments
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
...
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
ed61c5e8b0
Add change-log file (issue #5065 )
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-14 09:14:09 +02:00
Gilles Peskine
1c66bf8061
Merge pull request #5070 from mpg/fix-resumption-openssl-client-tests
...
Use newer OpenSSL for tests failing with the old
2021-10-13 21:05:15 +02:00
Paul Elliott
0421715ade
Use 127.0.0.1 rather than localhost
...
This was causing some tests using the openssl s_client to not connect -
I suspect this was due to localhost (at least on my machine) resolving
to ::1 rather than 127.0.0.1. Note that the error seen would have been
that the session file specified with -sess_out did not get created.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:47 +01:00
Paul Elliott
1428f252ad
Fix incorrect check for DTLS
...
Missing wildcards meant that some servers were not identified as DTLS,
which lead to port checking on TCP rather than UDP, and thus mistakenly
cancelling tests as the server had not come up.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:40 +01:00
Paul Elliott
09cfa18976
Spelling fix
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:13:44 +01:00
Przemyslaw Stekiel
4cad4fc8a9
psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths ( fixes #5065 )
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 14:04:36 +02:00
Przemyslaw Stekiel
1ecfdea002
all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 13:27:34 +02:00
Manuel Pégourié-Gonnard
d60950c2d0
Use newer OpenSSL for tests failing with the old
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 13:12:47 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes
...
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
2021-10-11 19:23:12 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
...
TLS 1.3: ServerHello: add utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012 ) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Przemyslaw Stekiel
b576c7b779
Address review comments
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Jerry Yu
e4eefc716a
Improve document for chk_buf_read_ptr
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-09 10:40:40 +08:00
Jerry Yu
fd320e9a6e
Replace zeroize with memset
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Przemyslaw Stekiel
25f7063533
enerate_psa_tests.py fix format
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:28:45 +02:00
Jerry Yu
88b756bacb
move tls1_3 max md size
...
It should be internal definition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 18:41:38 +08:00
Przemyslaw Stekiel
d9d630cdf3
Addapt psa_generate_key() tests
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00
Jerry Yu
d1ab262844
define max md size for tls1_3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e
fix check_name fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f
Rename counter_len
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9
fix document issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b
fix doxygen parameter wrong
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4
Address kex_modes check function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb
fix comments and check return issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c
tls13: add key exchange modes in handshake params
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6
Add check read ptr macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Przemyslaw Stekiel
770153e836
Add change-log entry
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:12:41 +02:00
Przemyslaw Stekiel
c0fe820dc9
psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:08:56 +02:00
Gilles Peskine
0c7c524b25
Merge pull request #5001 from gilles-peskine-arm/readme-add-contacts
...
Add contact information directly on the home page
2021-10-06 19:35:52 +02:00
Gilles Peskine
bf3ec84b1c
Merge pull request #5003 from gilles-peskine-arm/all.sh-makeflags-nproc
...
Limit make parallelism to the number of CPUs in all.sh
2021-10-06 19:35:12 +02:00
Mateusz Starzyk
c48f43b44d
Fix PSA AEAD GCM's update output buffer length verification.
...
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:55 +02:00
Mateusz Starzyk
f28261fc14
Remove output buffer limitation for PSA with GCM.
...
The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of the GCM.
Alternative implementations are expected to verify the
length of the provided output buffers and to return
the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:54 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB
...
Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:10 +02:00
Gilles Peskine
2aefc9ef2e
Fix typo in comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 20:34:53 +02:00
Gilles Peskine
fcc93d797b
Make MBEDTLS_IGNORE_RETURN configurable
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:56:17 +02:00