Dave Rodgman
5a1d00f03d
Merge remote-tracking branch 'origin/development' into fast_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-25 17:10:25 +00:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
...
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
...
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Janos Follath
505a228b7b
Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction
...
Bignum: Add low level subtraction
2022-11-25 13:27:23 +00:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
...
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Bence Szépkúti
ae79fb2c2e
Merge branch 'development' into pr3431
2022-11-25 03:12:43 +01:00
Gilles Peskine
4bdb9fbfa2
Enable all ciphers in OpenSSL >=1.1.0
...
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.
The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.
With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-24 22:41:55 +01:00
Dave Rodgman
7a910a8be0
Minor formatting tweaks
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-24 21:17:40 +00:00
Gabor Mezei
cbcbf4e434
Remove hand-written tests got raw_mod_sub
...
The generated tests cover all off the hand-written tests.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-24 11:48:59 +01:00
Dave Rodgman
3172e4e1c9
Fix typo in test_suite_common
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 19:38:13 +00:00
Dave Rodgman
15531bc6d2
Test for all alignment combinations
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 16:51:12 +00:00
Gabor Mezei
b3b3466657
Test subtraction if the parameters are aliased to each other
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
4d3f3c5430
Fix the checking of the used limbs
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
68a45e0aaf
Fix potential not initialized warning
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
c426d9b6cc
Add generated test for low level subtraction with modulus
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:13 +01:00
Gabor Mezei
cefe03a10c
Add tests for low level subtraction with modulus
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:13 +01:00
Janos Follath
531a871b88
Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int
...
Bignum: extract core_sub_int from the prototype
2022-11-23 13:32:02 +00:00
Gilles Peskine
42649d9270
Fix NULL+0 undefined behavior in ECB encryption and decryption
...
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Ronald Cron
1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee
...
The internal CI merge job ran successfully.
2022-11-23 12:31:25 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over
...
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
2022-11-23 12:12:02 +01:00
Ronald Cron
d8603a7b44
Merge pull request #6638 from ronald-cron-arm/tls13-misc
...
TLS 1.3: Adjustments for the coming release
2022-11-23 09:07:36 +01:00
Dave Rodgman
8c18baf8c1
Add test for unaligned buffers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 18:15:55 +00:00
Dave Rodgman
4413b6690f
Add tests for mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Tom Cosgrove
d66d5b2fef
Add unit tests for mbedtls_mpi_core_sub_int(), MPI A - scalar b
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 15:07:31 +00:00
Bence Szépkúti
a17d038ee1
Merge branch 'development' into pr3431
2022-11-22 15:54:52 +01:00
Janos Follath
0fc88779ec
Merge pull request #6632 from yanesca/refactor_bignum_test_framework
...
Refactor bignum test framework
2022-11-22 14:53:58 +00:00
Gilles Peskine
a08103aa94
Merge pull request #6611 from gilles-peskine-arm/run-test-suites-out-of-tree
...
Fix run-test-suites.pl in out-of-tree builds
2022-11-22 15:01:13 +01:00
Gilles Peskine
4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix
...
Make a copy of the password key in operation object while setting j-pake password
2022-11-22 14:52:12 +01:00
Xiaokang Qian
8bee89994d
Add parse function for early data in encrypted extentions
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-22 09:40:07 +00:00
Ronald Cron
c2e110f445
tls13: Disable MBEDTLS_SSL_EARLY_DATA by default
...
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 09:01:46 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
...
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Gilles Peskine
8b85b4835e
Merge pull request #6617 from tom-cosgrove-arm/call-mbedtls_mpi_mod_modulus_init-first-final-2
...
Must call mbedtls_mpi_mod_modulus_init() before anything else in tests
2022-11-21 19:50:20 +01:00
Przemek Stekiel
f82effa982
Optimize pake test code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 15:10:32 +01:00
Przemek Stekiel
cd356c3cdb
Add ec-jpake test to verify if key can be destroyed after set_password_key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 12:25:21 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
...
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Janos Follath
f45797652f
Bignum tests: set unique combinations off by default
...
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.
No changes to generated tests.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
351e6885f5
Make pylint happy
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
87df373e0e
Bignum test: Move identical function to superclass
...
No intended change in generated test cases.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Janos Follath
0cd8967ba1
Split test generator base class
...
The class BaseTarget served two purposes:
- track test cases and target files for generation
- provide an abstract base class for individual test groups
Splitting these allows decoupling these two and to have further common
superclasses across targets.
No intended change in generated test cases.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Jerry Yu
dddd35ccf3
remvoe unrelative change
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-20 12:31:45 +08:00
Jerry Yu
a8d3c5048f
Rename new session ticket name for TLS 1.3
...
NewSessionTicket is different with TLS 1.2.
It should not share same state.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
c5826eaba2
Add debug message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
6969eee5d2
Remove Terminated
message on 22.04
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Xiaokang Qian
4e83173bb7
Skip early data basic check temp
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-18 10:57:46 +00:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci
...
Driver-only hashes: test coverage in the CI
2022-11-18 09:31:13 +01:00
Paul Elliott
f6e342cae2
Add test for single signature alg with openssl
...
Test supplied by Gilles Peskine. Also rename previous test to fit to
naming pattern.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
3b4cedaa71
Add SSL_SRV requirement to test
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Andrzej Kurek
ec71b0937f
Introduce a test for single signature algorithm correctness
...
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
...
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00