Commit graph

29725 commits

Author SHA1 Message Date
Paul Elliott
53ddf420c8
Merge pull request #8689 from paul-elliott-arm/make_tests_thread_safe
Make test data thread safe
2024-02-09 19:43:09 +00:00
Gilles Peskine
05ee3fbdc0 mbedtls_pk_import_into_psa: documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Gilles Peskine
48b87ebde3 Choose a curve for tests at compile time
This makes it possible to use the curve in test data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Valerio Setti
4ade8ee5b9 test_suite_pem: more tests for ASN.1 parsing after decoding
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 17:44:07 +01:00
Matthias Schulz
a6ac0f1330 Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-09 17:11:54 +01:00
Paul Elliott
5d2bcc63cd Fix typo / improve documentation for test step fns
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-09 14:41:24 +00:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00
Ryan Everett
9dc076b4f4 Fix issue with lock failures returning CORRUPTION_DETECTED
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:20:09 +00:00
Ryan Everett
7fee4f7318 Fix mutex unlock error handling in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:11:27 +00:00
Ryan Everett
67f3568895 Reduce analyze_block_cipher_dispatch exceptions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 13:02:23 +00:00
Matthias Schulz
10902c5640
Use NULL for pointer initialization
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-09 11:14:50 +01:00
Matthias Schulz
cdf9894e60
Ajdusted change log.
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-09 11:11:38 +01:00
Ronald Cron
a93e25e749 tls12: Fix documentation of TLS 1.2 session serialized data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 10:01:30 +01:00
Ronald Cron
7b0ac0b980 Add change log for mbedtls_ssl_session_get_ticket_creation_time()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:50:18 +01:00
Ronald Cron
c7fa82ee33 tests: ssl: Improve test parameter sanity check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:33:09 +01:00
Ronald Cron
7fdee8b710 ssl_session: Reorder some fields to reduce padding
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:26:12 +01:00
Valerio Setti
010d23f9af test_suite_[pkparse|x509parse]: fix return values of some PEM related error tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
2653e92a57 pem: fix valid data length returned by mbedtls_pem_read_buffer()
ctx->buflen now returns the amount of valid data in ctx->buf.
Unencrypted buffers were already ok, but encrypted ones were
used to return the length of the encrypted buffer, not the
unencrypted one.
This commit fix this behavior for encrypted buffers.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
b1f6d2ad6f asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
9de84bd677 rsa: reject buffers with data outside main SEQUENCE when parsing keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Manuel Pégourié-Gonnard
ac60afc2d2 Remove useless overly strong dependency
ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in
config_adjust_legacy_crypto.h, so nothing to check here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 23:46:55 +01:00
Matthias Schulz
4a9610bffe Remove comments referencing private defines.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 18:39:17 +01:00
Matthias Schulz
0e690d3c0b Add changelog.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 18:37:20 +01:00
Matthias Schulz
f3116341e2
spelling
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-08 18:35:36 +01:00
Ryan Everett
75e65fe24b Reformat AES encryption test data in pkcs5 tests
The added comma is needed so that these tests match the regex exceptions
in analyze_outcomes.py.
Moved the Encryption tests so that they are separate to decryption.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 15:44:43 +00:00
Ryan Everett
afb2eee263 Add PKCS5/12 exceptions to analyze_block_cipher_dispatch
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:31:54 +00:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
Matthias Schulz
782667883a Fix:
- Remove unnecessary tests.
- Update description of MBEDTLS_GCM_LARGETABLE parameter.
- Move acceleration defines from gcm.h to gcm.c.
- Remove unnecessary zero setting after shift.
- Fix implementation for big-endian architectures.

Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 13:59:15 +01:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
New test thread interface
2024-02-08 12:35:40 +00:00
Manuel Pégourié-Gonnard
a6184b2cc8 Remove redundant check
We're already making sure of that in
include/mbedtls/config_adjust_psa_superset_legacy.h - no need to
double-check here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:55:53 +01:00
Manuel Pégourié-Gonnard
1463e49a3c Move config adjustment to config_adjust
After this change, check_config.h does not have any #defined except:
- the standard header double-inclusion guard
- short-lived helpers that are #undef-ed in the same paragraph

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:55:52 +01:00
Manuel Pégourié-Gonnard
e1f3faf5bf Remove temporary macros that are not needed
Those were only used for KEY_EXCHANGE_ECJPAKE, but had a much larger
scope than needed. We actually don't need those macros if we distinguish
between cases when expressing dependencies for this key exchange.

The remaining helper macros are all short lived.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:55:51 +01:00
Manuel Pégourié-Gonnard
61758e606e Fix wrong dependency of ECJPAKE_C
It always uses MD now. (The "fall back" to PSA Crypto was only in the
1st iteration of driver-only hash support, before we changed the
architecture to make everything go through MD.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:22 +01:00
Manuel Pégourié-Gonnard
49f64b4cac Fix dependency on low-level hash modules
None of the TLS code is calling low-level hash functions directly. So
the correct dependencies here are MD_CAN.

(I checked and this was the only occurrence.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:21 +01:00
Manuel Pégourié-Gonnard
7eb3f9a523 Simplify and fix dependency of MD_C on a hash
Simplify: let's take advantage of the MD_CAN macros instead of doing it
again ourselves.

Fix: SHA-3 was forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:21 +01:00
Manuel Pégourié-Gonnard
68608b2317 Remove redundant helper macros in check_config.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:19 +01:00
Tom Cosgrove
1dbfc8ad3c
Merge pull request #8790 from paul-elliott-arm/fix_ctr_drbg_comment
Fix confusing comment in ctr drbg thread test
2024-02-08 11:11:50 +00:00
Antonio de Angelis
058c9a34ec build_info should look for MBEDTLS_PSA_CRYPTO_CLIENT as well
Similarly to check_config.h, also build_info.h should consider
MBEDTLS_PSA_CRYPTO_CLIENT as the define which signals that PSA
Crypto APIs feature are being required in the build (possibly
due to the client/service architecture). It is automatically
enabled if CRYPTO_C is enabled, but only at config_adjust_legacy_crypto.h
which happens after the inclusion of the config_psa.h is needed

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-08 10:40:32 +00:00
Gilles Peskine
a3172d1e96 Inline the SHA3 parameters table into a switch
This saves a few bytes of code size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-08 10:47:08 +01:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
Tom Cosgrove
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
Antonio de Angelis
3c19b237d1 Fix trailing parenthesis
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-07 17:10:14 +00:00
Valerio Setti
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 16:16:58 +01:00
Paul Elliott
bda577bb0b Fix confusing comment in ctr drbg thread test
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-07 15:13:46 +00:00
Dave Rodgman
9b272ac1c6
Merge pull request #8794 from daverodgman/pr-guidelines
Remind contributors not to force-push
2024-02-07 15:08:42 +00:00
Valerio Setti
ef07fa0fc3 test_suite_psa_crypto_util: add more test for raw->der
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:16:45 +01:00
Valerio Setti
affba30833 psa_util: update documentation for mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:03:33 +01:00
Manuel Pégourié-Gonnard
b02c0be06a
Merge pull request #8791 from gilles-peskine-arm/psa-legacy-bridges-ecdsa-bits-first
Update ECDSA signature conversion specification
2024-02-07 13:43:29 +00:00
Ryan Everett
a8082c43d5 Add MBEDTLS_CIPHER_C dependencies to new pkparse tests
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 13:31:19 +00:00