Janos Follath
1d26d976e8
Merge pull request #6731 from tom-cosgrove-arm/issue-6293-mod_exp
...
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
2022-12-07 08:31:49 +00:00
Gilles Peskine
8781dd0e61
Fix overly large allocations of MPIs
...
The second argument of ASSERT_ALLOC is a number of array elements, not a
number of bytes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-06 23:05:06 +01:00
Gilles Peskine
de09ddd64e
Move tests of random-in-range functions to their own suite
...
The random-in-nrange test code has auxiliary functions that are common to all
the interfaces (core, mod_raw (upcoming), mod (upcoming), legacy), and does
some differential testing to check that all the layers consume the RNG in
the saame way. Test them all in the same test suite.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-06 22:50:11 +01:00
Dave Rodgman
1fe45295d7
Merge pull request #6685 from gilles-peskine-arm/valgrind-cf-skip-tests
...
Rationalize Valgrind tests
2022-12-06 18:39:32 +00:00
David Horstmann
92b5ac1a47
Add all.sh component to test with code style
...
Run the main test suites after running code style correction to check
that code style correction does not break these tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 17:44:30 +00:00
Dave Rodgman
556e8a3219
Fix additional mis-spelling
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-06 16:31:25 +00:00
David Horstmann
6e5bc03311
Add ChangeLog entry for code style script
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 16:09:17 +00:00
David Horstmann
1b84781184
Disable code style correction in check_config.h
...
Code style correction currently messes up check_names.py
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 16:09:17 +00:00
David Horstmann
fa928f1c44
Add script to run Uncrustify
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 15:04:37 +00:00
Dave Rodgman
92011eef34
Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212
...
Fix typos prior to release
2022-12-06 15:00:34 +00:00
David Horstmann
e6cb118d56
Add configuration file for Uncrustify
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 14:46:29 +00:00
Dave Rodgman
614688711d
Fix spelling of test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-06 14:44:08 +00:00
Tom Cosgrove
0a0ddedfb7
Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory
...
Last PR needed for #6293
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 14:37:18 +00:00
Dave Rodgman
98be95563d
Merge pull request #6689 from gilles-peskine-arm/changelog-20221129-pre-3.3
...
Changelog improvements for 3.3
2022-12-06 13:37:24 +00:00
Tom Cosgrove
21d459d26a
Add type annotations
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 12:36:00 +00:00
Tom Cosgrove
c240600f24
Separate out to_montgomery and from_montgomery for bignum tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 12:20:43 +00:00
Werner Lewis
3f2999ad25
Rename test_suite_bignum_mod.data for consistency
...
Use the same naming convention as bignum and bignum_core now that test
data is generated.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-06 11:55:32 +00:00
Werner Lewis
93a31c9efd
Re-enable pylint unused warnings
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-06 11:55:32 +00:00
Werner Lewis
e1b6b7c0ac
Implement mbedtls_mpi_mod_add()
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-06 11:55:32 +00:00
Janos Follath
977c53f00a
Merge pull request #6704 from tom-cosgrove-arm/issue-6020-mod_sub
...
Implement mbedtls_mpi_mod_sub()
2022-12-06 11:53:41 +00:00
Tom Cosgrove
ecda186893
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 10:46:30 +00:00
Valerio Setti
ba22c9c1ff
test: pake: remove useless check in ssl_ecjpake_set_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-06 11:42:33 +01:00
Valerio Setti
2e1e43fb82
test: pake: fix error in ssl_ecjpake_set_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-06 11:41:57 +01:00
Gilles Peskine
77d3057c6d
More grammar fixes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-06 11:25:09 +01:00
Manuel Pégourié-Gonnard
ad27b8074f
Declare ECP_RESTARTABLE and USE_PSA compatible
...
This is only the beginning:
- some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh
will be fixed in the next few commits;
- then the interactions between those options will be documented and
tested.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 11:05:28 +01:00
Jerry Yu
6ee56aa18f
Add default values for conf->*early_data*
...
- early_data default to disable
- max_early_data_size default to built-in value
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 18:00:47 +08:00
Manuel Pégourié-Gonnard
2b7ad6472b
Document all effects of MBEDTLS_ECP_RESTARTABLE
...
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.
Fix that.
While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.
We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.
Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 10:54:35 +01:00
Jerry Yu
39da9857df
remove limitation of max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 16:58:36 +08:00
Jerry Yu
d146a37d56
Change the definition of max_early_data_size argument.
...
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544
Revert "Add reco_debug_level to reduce debug output"
...
This reverts commit a6934776c9
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:05:54 +08:00
Jerry Yu
12c46bd14f
fix various issues
...
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
Dave Rodgman
80f8c679c5
Merge pull request #6709 from daverodgman/pkcs7-docs
...
Add warnings & disable PKCS #7 by default
2022-12-05 16:24:29 +00:00
Dave Rodgman
4705f2d8a1
Merge pull request #976 from Mbed-TLS/merge-dev
...
Merge development into restricted
2022-12-05 16:21:17 +00:00
Tom Cosgrove
f51f972d67
Apply review comments
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 15:47:40 +00:00
Dave Rodgman
e1cda441a0
Merge pull request #6722 from daverodgman/fix_pr_template_link
...
Fix broken link
2022-12-05 13:23:17 +00:00
Tom Cosgrove
ed4f59eec3
Fix another typo where 'PSK' was 'PKS'
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 12:07:50 +00:00
Jerry Yu
e01304f6d8
fix type conversion issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:46 +08:00
Jerry Yu
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
Dave Rodgman
dbcbf44d65
Update include/mbedtls/mbedtls_config.h
...
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-05 11:15:10 +00:00
Dave Rodgman
acbb6dc364
Merge remote-tracking branch 'origin/development' into merge-dev
2022-12-05 10:59:23 +00:00
Dave Rodgman
ca6d6614a6
Fix broken link
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-05 10:48:23 +00:00
Tom Cosgrove
416b48c023
ChangeLog entry is fixed in a different PR
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 08:08:28 +00:00
Jerry Yu
54dfcb7794
fix comments and debug info issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Issam E. Maghni
760f3a0a48
Install CMake files in MbedTLS dir
...
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.
I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.
Here are some examples of projects using directories:
- https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
- https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
- https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
- https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162
Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2022-12-04 03:00:38 +00:00
Valerio Setti
70e029006d
test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
d6feb20869
test: pake: allow opaque password only when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Valerio Setti
e7518ba28e
test: pake: reshaping the ssl_ecjpake_set_password()
...
Removed the "error injection" strategy. Now the functions checks
for all the errors in a row.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 12:09:43 +01:00
Valerio Setti
757f359474
tls: pake: do not destroy key on errors while setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 11:07:11 +01:00
Gilles Peskine
da9746e8ce
Test NOT_ACCEPTABLE cases for MPI get-random
...
Test some cases where mbedtls_mpi_core_random() or mbedtls_mpi_random()
should return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE. These test cases use a very
small range that makes the NOT_ACCEPTABLE case likely. The test code uses a
deterministic RNG whose implementation is in the test framework, so we know
that the tests will pass reproducibly unless the implementation the test
framework changes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00