Commit graph

23192 commits

Author SHA1 Message Date
Yanray Wang
5d646e705d compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734 compat.sh: remove check_openssl_server_bug
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f compat.sh: avoid running duplicate test cases for PSK
With the introduction of PSK_TESTS,
 - Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
 - `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f compat.sh: ignore $VERIFY in PSK TYPE
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:20 +08:00
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning
Improve warnings for DES/3DES
2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static
TLS 1.3: Key Generation: change some key generation functions to static
2023-02-03 11:56:35 +01:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters
check_files.py: Allow specific Box Drawing characters to be used
2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent
compat.sh: report and filter cipher suite names consistently
2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets
Fix use of sizeof without brackets
2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Yanray Wang
131ec931eb Remove the additional dot in output of compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 12:13:04 +08:00
Dave Rodgman
fdbfaafc2f Additional warnings in cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 13:44:31 +00:00
Dave Rodgman
23caf02c5b Update warnings in cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 13:17:34 +00:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Dave Rodgman
c04515b83c Improve warnings for DES/3DES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 10:47:58 +00:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-02 11:33:31 +01:00
Gilles Peskine
24c6f49530
Merge pull request #7005 from tom-cosgrove-arm/fix-doxygen-typos-in-new-bignum
Fix typos in doxygen commands in new bignum modules
2023-02-01 19:05:04 +01:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-01 13:30:26 +00:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
2023-02-01 11:36:25 +01:00
Tom Cosgrove
8a1f784ece Fix typos in doxygen commands in new bignum modules
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-01 08:43:54 +00:00
Yanray Wang
a12cecbe47 Modify some comments in ssl_tls13_keys.c
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-01 14:29:51 +08:00
Aaron M. Ucko
a2b674f9a7 Simplify ChangeLog entry for mbedtls_mpi_sub_abs fix.
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-01-31 15:31:18 -05:00
Gilles Peskine
c567b74e6e
Merge pull request #6964 from davidhorstmann-arm/code-style-improvements
Improvements to code style script
2023-01-31 21:22:57 +01:00
Gilles Peskine
f6b9823422
Merge pull request #6979 from daverodgman/const-time-asm-vol
Inhibit compiler from optimising out const-time asm
2023-01-31 11:28:45 +01:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function
Add function to fix quasi-reduction
2023-01-31 11:25:25 +01:00
Gabor Mezei
db1607fa69
Remove unneeded include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-30 16:27:48 +01:00
Aditya Deshpande
15b6dd0fb4 Modify comments to make them more inclusive
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:46:58 +00:00
Aditya Deshpande
ea637081dd Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:19:32 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Dave Rodgman
4610d4b7a6 Inhibit compiler from optimising out const-time asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-30 09:26:48 +00:00
Manuel Pégourié-Gonnard
e28397a376
Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions
check_names.py: Compare identifiers in excluded files against symbols parsed by nm
2023-01-30 09:21:58 +01:00
Przemek Stekiel
3022370896 Add changelog entry for V3 extensions in CSR
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-27 16:06:08 +01:00
Gabor Mezei
b57c908855
Shorten the prefix of the test case belongs to the fix quasi-reduction function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-27 14:37:42 +01:00
Gabor Mezei
26439bf692
Revert "Add dependency for generated test cases"
The 'MBEDTLS_TEST_HOOKS' belongs to a test function and
not to a test case.

This reverts commit 1e8c210b9d.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-27 14:33:50 +01:00
Valerio Setti
18b9b035ad test: add test for a full length serial of 0xFF
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:47:57 +01:00
Valerio Setti
a87f839113 test: improve error handling in x509_set_serial_check()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:29:42 +01:00
Valerio Setti
9b5e1da8f8 fixing a typo in comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:29:35 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Przemek Stekiel
59f4a18b6f Fix test dependency SHA1 -> SHA256
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-27 07:14:14 +01:00
Przemek Stekiel
36ad5e7ab5 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-26 22:30:45 +01:00
Gilles Peskine
b82977a429
Merge pull request #6962 from davidhorstmann-arm/fix-check-python-errors
Fix check python errors
2023-01-26 21:54:25 +01:00
Gilles Peskine
81505e4a16
Merge pull request #6917 from yanrayw/6658-not-print-Terminated-ubuntu-22.04
Fix the problem of printing "Terminated" in compat.sh under Ubuntu-22.04
2023-01-26 21:53:33 +01:00
Gilles Peskine
b20028b3a3 Avoid using external programs in inner loops
Don't use external programs for string manipulation that the shell can do.
This makes the script a little faster (~10% when testing PSK).

For this commit, I only looked at code run in the innermost loop.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:45:45 +01:00
Gilles Peskine
47aab850da Batch cipher translations to go faster
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:45:45 +01:00
Gilles Peskine
292cd6f4e5 Don't use the cipher suite in check_openssl_server_bug
We can detect PSK based on $TYPE. This allows more flexibility in how cipher
suites are spelled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:44:26 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Gabor Mezei
1e8c210b9d
Add dependency for generated test cases
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-26 12:30:01 +01:00
Janos Follath
803638c023
Merge pull request #6939 from minosgalanakis/bignum/6027_hardcode_montgomery_moduli
Bignum: hardcode montgomery moduli
2023-01-25 16:51:11 +00:00
Przemek Stekiel
32e20919ac Remove redundant check and add comment to inform about processing of empty extensions
Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.

A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 16:20:25 +01:00