Commit graph

28353 commits

Author SHA1 Message Date
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Gilles Peskine
c75ee77dbb
Merge pull request #8439 from yuhaoth/pr/add-test-suite-parameter-to-ssl-opt
Add test-suite parameter to filter tests
2023-11-08 18:05:44 +00:00
Gilles Peskine
b97058e2d5
Merge pull request #8496 from ronald-cron-arm/remove-cocci-files
Remove unused *.cocci files
2023-11-08 18:05:13 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr
Mbed TLS 3.5.1
2023-11-08 18:01:32 +00:00
Ryan Everett
5567e3a34b Make empty key slots explicit
Add new status field to key slots, and use it.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-08 13:28:20 +00:00
Valerio Setti
b9015385fd test_driver_extension: use same def/undef pattern for all accelerated symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-08 13:11:10 +01:00
Manuel Pégourié-Gonnard
3e1d39b332 Add check about legacy dependencies in PSA tests
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:54:02 +01:00
Dave Rodgman
9eb2abd1e0 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:17 +00:00
Dave Rodgman
9f747537cf Update BRANCHES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:11 +00:00
Dave Rodgman
28d40930ae Restore bump version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Dave Rodgman
39b2a38076 Restore 3.5.1 ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:04 +00:00
Dave Rodgman
a2d14ef764 Merge remote-tracking branch 'origin/development' into mbedtls-3.5.1-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:39:53 +00:00
Dave Rodgman
47854e638b Revert back to v3.5.0
git revert v3.5.0..v3.5.1
git rebase to combine the resulting revert commits

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:38:57 +00:00
Dave Rodgman
edb8fec988 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:36:00 +00:00
Gilles Peskine
1d6de4ceb7 No more limitations accelerated algorithms using a built-in hash
It used to be the case that when an algorithm that uses a hash inside was
accelerated through a PSA driver, it might end up calling a hash algorithm
that is not available from the driver. Since we introduced MBEDTLS_MD_LIGHT,
this no longer happens: PSA accelerated hashes are available to callers of
the MD module, so the test driver can use all available hash algorithms.
Hence the workaround to skip testing certain accelerated cases is no longer
needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
fcc5f31bb8 Rm unjustified MD_C dependencies in PSA test
RSA will auto-enable MD_LIGHT, we don't need to list MD_C as a
dependency here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
af302b9e5d Rm unjustified PK_C dependencies in PSA tests
Some are about raw or AES keys where PK seems really unrelated.

The others are about RSA where PK may be relevant, but the necessary
bits of PK are auto-enabled when RSA key types are requested, so we
shouldn't need to list them as dependencies in tests.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
433150e8f2 Rm redundant ECC dependencies in psa_crypto tests
Since _DERIVE can't be accelerated now, in
config_adjust_legacy_from_psa.h we will notice and auto-enable ECP_LIGHT
as well as the built-in version of each curve that's supported in this
build. So, we don't need to list those as dependencies here - and they
would cause issues when we add support for _DERIVE drivers.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:51 +01:00
Manuel Pégourié-Gonnard
59a8b41ca3 Fix incorrect RSA dependencies in psa_crypto tests
There's no reason the tests would depend specifically on our built-in
implementation and not work with drivers, so replace the RSA_C
dependency with the correct PSA_WANT dependencies.

Those 6 cases use two different test functions, but both of those
functions only do `psa_import()`, so all that's needed is PUBLIC_KEY or
KEYPAIR_IMPORT (which implies KEYPAIR_BASIC) depending on the kind of
key being tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:51 +01:00
Manuel Pégourié-Gonnard
0d9a3618bd Rm unneeded dep on PK_PARSE_C in psa crypto tests
Most of them were removed in 7162, not sure how these ones slipped in.

There's no reason deterministic ECDSA verification would need PK parse
more than the other tests. The following finds no match:

    grep -i pk_parse library/ecdsa.c library/psa_crypto_ecp.c

Even if PK parse was actually needed for this, the right way would be to
auto-enable it based on PSA_WANT symbols, and then only depend on
PSA_WANT symbols here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:51 +01:00
Yanray Wang
d137da5a93 check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:17:44 +08:00
Yanray Wang
004a60c087 aes.c: remove non-functional code
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:05:31 +08:00
Yanray Wang
65f7653bdd tls1.3: early data: rephrase ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 18:48:33 +08:00
Ronald Cron
f95b678729 Remove unused *.cocci files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-08 10:08:09 +01:00
Ronald Cron
c27a4ce3dd
Merge pull request #8429 from gilles-peskine-arm/fix-test_suite_constant_time_hmac-not-executed
Fix test suite never executed due to an undefined symbol
2023-11-08 09:05:12 +00:00
Pengyu Lv
2bd56de3f4 ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 14:21:19 +08:00
Pengyu Lv
ba6825e37b ssl: use MBEDTLS_SSL_HAVE_* in tests
Done by commands:

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 14:09:16 +08:00
Yanray Wang
eb61868878 tls1.3: early data: add ChangeLog entry
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 13:46:28 +08:00
Pengyu Lv
65458fa969 ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h
Done by commands:

```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:16:29 +08:00
Pengyu Lv
829dd2048a ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c
Mainly done by the commands, with some manual adjust.

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:01:26 +08:00
Pengyu Lv
f1b86b088f ssl: add macro to indicate CBC mode is available
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:42 +08:00
Pengyu Lv
e870cc8c86 ssl: add macro for available key types
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:36 +08:00
Yanray Wang
7b320fa7c9 ssl-opt.sh: fix typo
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 10:33:32 +08:00
Pengyu Lv
fe03a4071b ssl_helper: fix missin initialization of cli_log_obj
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 10:30:48 +08:00
Yanray Wang
8636d471b3 config-tfm.h: License Change
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 10:07:03 +08:00
Yanray Wang
30769696e7 Merge remote-tracking branch 'origin/development' into adjust_tfm_configs 2023-11-08 10:00:24 +08:00
Matthias Schulz
c55b500343 Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-07 16:47:37 +01:00
Matthias Schulz
e92f6dcf5c New test cases requested in https://github.com/Mbed-TLS/mbedtls/pull/8378#discussion_r1383779861
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-07 15:16:35 +01:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
TLS 1.3: EarlyData SRV: Write early data extension  in EncryptedExtension
2023-11-07 13:59:13 +00:00
Dave Rodgman
7604915cce Update Changelog with bugfix entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-07 12:33:17 +00:00
Yanray Wang
4995e0c31b cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT
- fix remaining dependency in test_suite_psa_crypto.data

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 17:51:32 +08:00
Tom Cosgrove
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
Jerry Yu
7cca7f6820 move ext print to the end of write client hello
pre_shared_key extension is done at the end. The
information should be print after that

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 15:19:13 +08:00
Jerry Yu
1ccd6108e8 Revert "fix miss sent extensions mask"
This reverts commit 06b364fdfd.

It has been set in write_binders

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:57:44 +08:00
Jerry Yu
7ef9fd8989 fix various issues
- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e check the ticket version unconditional
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Pengyu Lv
4ebf86e780 tls13-misc: Do not check kex mode for some cases
Ephemeral is preferred over pure PSK, the change is
to make CI happy.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 10:14:32 +08:00
Pengyu Lv
44670c6eda Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
This reverts commit dadeb20383.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00