Commit graph

20753 commits

Author SHA1 Message Date
Dave Rodgman
86c333e79e Add explicit cast to satisfy compiler
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 16:57:26 +01:00
Dave Rodgman
536f28c892 Respect MBEDTLS_HAVE_TIME in ssl_ticket
Make use of ticket generation time and associated fields
conditional on MBEDTLS_HAVE_TIME, to avoid compile errors
on baremetal.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 14:20:36 +01:00
Dave Rodgman
392f714153 Fix type used for capturing TLS ticket generation time
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 12:38:24 +01:00
Dave Rodgman
8c9a0aebb3
Merge pull request #5985 from zhangsenWang/development
Re-enable four tests disabled because of an old OpenSSL bug
2022-08-16 09:56:58 +01:00
Dave Rodgman
96a4be990f
Merge pull request #6177 from AndrzejKurek/ecdsa-no-md
Adjust hash dependencies in `test_suite_ecdsa`
2022-08-16 09:55:02 +01:00
Dave Rodgman
a7448bf19d
Merge pull request #6141 from mpg/driver-hashes-rsa-v21
Driver hashes rsa v21
2022-08-16 09:52:39 +01:00
Zhangsen Wang
3f95d303d1 rebase with lastest development branch 2022-08-16 03:16:22 +00:00
Dave Rodgman
7b1be55484
Merge pull request #5993 from eliteraspberries/android-soname
Allow non-versioned library soname.
2022-08-12 13:49:55 +01:00
Dave Rodgman
273efeb0eb Add Changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
Dave Rodgman
fca2bcc733 Update bump_version.sh to recognise Makefile changes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
Mansour Moufid
6a8673092f Allow non-versioned library soname.
Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>
2022-08-12 11:02:01 +01:00
Dave Rodgman
8b0799d43f
Merge pull request #6181 from wernerlewis/ecp_set_zero
Add tests for mbedtls_ecp_set_zero
2022-08-11 16:43:19 +01:00
Andrzej Kurek
1af61cb75b Introduce a new macro for hash size in ecdsa tests
Previously these tests depended on the definition from
inside the MD module, which in turn could be 32 or 64
bytes depending on whether MBEDTLS_SHA512_C was
defined. This is unnecessary, so a constant is itnroduced
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-11 09:19:42 -04:00
Przemek Stekiel
71bf28bb34 Fix include file path
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
f98b57f231 Initialize status/ret to error value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
2aae040615 make ret_from_status() global function and move it to has_info.[ch]
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
712bb9c5af Use more suitable function for checking if hash is supported
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
79b99f47a1 Fix definition of MD_OR_PSA macros
The code will make the decision based on availability of MD, not of
MD+this_hash. The later would only be possible at runtime (the hash
isn't known until then, that's the whole point of MD), so we'd need to
have both MD-based and PSA-based code paths in a single build, which
would have a very negative impact on code size. So, instead, we choose
based on the presence of MD, which is know at compile time, so we only
have one of the two code paths in each build.

Adjust the macros so that they match the logic of the code using them.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
7d5271608b Fix undeclared dependencies on SHA-1
Previously the whole .function file had a global dependency on
MBEDTLS_SHA1_C. This hasn't been correct for a long time:
- on principle, dependency declarations in .function files are for
compile-time dependencies;
- in practice, a number of test cases do not depend on SHA-1, as they only
use SHA-256 or SHA-512 - those cases should not be skipped in builds
without SHA-1;
- this was "taken advantage of" to skip dependency declarations for
test cases that only depended on SHA-1.

The previous commit removed the global dependency on SHA1_C; as a result
the test cases that actually depend on SHA-1 were not skipped in builds
without SHA-1. This commit fixes that by adding dependency declarations
where they belong: in the .data file.

All cases compute hashes using MD is available, or PSA otherwise; so
MD_OR_PSA is appropriate here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
e741c61d54 Adjust dependencies in test_suite_pkcs1_v21
sed -i -f md_or_psa_hash.sed \
        tests/suites/test_suite_pkcs1_v21.data
        tests/suites/test_suite_pk.data

with md_or_psa_hash.sed containing:

    s/MBEDTLS_MD5_C/MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA1_C/MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA224_C/MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA256_C/MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA384_C/MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA512_C/MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA/g

(The only lines in pk.data that still had old-style dependencies where
the ones about PKCS1_V21.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
7a27e85f5c Fix failure of RSA accel test
Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was
requested, but that's no longer the case since the previous commit.

We can fix this in one of two ways: either enable MD_C, or enable all
the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because
it's a single line and avoids having to enumerate a list that might grow
in the future.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
077ba8489d PKCS#1 v2.1 now builds with PSA if no MD_C
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
faa3b4e0c3 Get rid of md_info outside helper functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
35c09e4824 Introduce compute_hash() function
This allows callers not to worry with md_info and makes it easier to
provide a PSA version for when MD_C is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f701acc088 Extract common code into hash_mprime()
This will also make it easier to provide a PSA-based version for when MD
is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f3a6755450 Simplify callers of mgf_mask()
Some of them no longer need md_ctx, some of those no longer need the
exit dance that was used to free it, or need it on a smaller scope.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
259c213545 Tune API of internal function mgf_mask in RSA
This is a first step towards making a version of this function that
uses PSA when MD is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code
ssl_tls: avoid the appearance of a potential NULL dereferencing
2022-08-11 10:12:34 +01:00
Dave Rodgman
322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled
Add ability to check if any/all configs are enabled/disabled for ssl-opt
2022-08-11 09:40:38 +01:00
Jerry Yu
62c8763de7 Improve macro expansion help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 10:18:36 +08:00
Jerry Yu
08dccc1f75 Improve help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-10 10:02:04 +08:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
384f1e61f7
Merge pull request #5950 from savent404/development
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 10:52:31 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Werner Lewis
3b09739c1b Add test case for mbedtls_ecp_set_zero
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 17:22:55 +01:00
Andrzej Kurek
9f42c0683c Adjust hash dependencies in test_suite_ecdsa
Only deterministic tests require SHA256 now.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-08 07:31:48 -04:00
Gilles Peskine
5740ff5f1f
Merge pull request #5949 from Summer-ARM/mbedtls-psa-crypto-config
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
2022-08-05 11:03:45 +02:00
Gilles Peskine
b4983d4556
Merge pull request #6164 from mprse/md_ssl_test
Avoid use of MD in SSL test suite
2022-08-05 11:02:44 +02:00
Gilles Peskine
f860f3742b
Merge pull request #6070 from wernerlewis/bignum_test_radix
Remove radix argument from bignum test functions
2022-08-05 11:01:07 +02:00
Gilles Peskine
57d4c11c44
Merge pull request #6165 from mprse/md_x509_test
Avoid use of MD in X.509 write test suite
2022-08-04 10:11:03 +02:00
Gilles Peskine
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink
x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00
Gilles Peskine
07e7fe516b
Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve
Validation remove and change in files related to curve in library
2022-08-03 13:05:16 +02:00
Gilles Peskine
7e1ee0f04b
Merge pull request #6114 from mman/development
Use double quotes to include private header file psa_crypto_cipher.h
2022-08-03 13:04:57 +02:00
Jerry Yu
27d80927d5 fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-02 21:28:55 +08:00
Martin Man
4741e0b56c Use double quotes to include private header file psa_crypto_cipher.h
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
2022-08-02 12:44:35 +02:00
Aditya Patwardhan
3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-08-02 11:15:18 +05:30
savent
5d8adab983 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
2022-08-02 03:23:02 +00:00
Werner Lewis
dc47fe71df Use upper case for bignum string comparison
Test data which is compared as a hex string now uses upper case to
match output of mbedtls_mpi_write_string() output. This removes usage
of strcasecmp().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:17:45 +01:00
Werner Lewis
3ccc116c35 Apply test data changes for conflicting cases
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:17:45 +01:00