Manuel Pégourié-Gonnard
f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers
...
FFDH 4: driver-only parity testing - with TLS 1.3
2023-07-10 13:08:47 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
...
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Valerio Setti
dda0019e2e
ssl_test_lib: fix rebase error
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 10:22:51 +02:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
...
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Valerio Setti
5bdebb2004
ssl_test_lib: fix variable naming for curve group
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
54e23792c8
tls: replace numeric values with proper TLS IANA symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
fb6356f003
ssl_test_lib: simplify function which prints supported curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
deb676442d
ssl_test_lib: manage FFDH keys the same way as ECC ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
ee3a4d0d38
debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
6f0441d11e
tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
acd32c005f
programs: add helper functions for supported EC curves
...
- get full list, or
- get TLS ID from name
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
0085c2e486
test: fix message's text
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
16b70f2b1a
test: enabled ssl-opt testing in no_ecp_at_all components
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
49e6907b5b
tls: replace ECP_LIGHT occurrencies with PK_HAVE_ECC_KEYS
...
Up to this point "make test" runs successfully. "ssl-opt" has
not been tested yet.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
887f823deb
test: re-enable TLS and key exchanges in no_ecp_at_all component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Pengyu Lv
5a3f5f450c
Add changelog entries
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:28 +08:00
Pengyu Lv
5cbb93ef14
Add test for cache timeout getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:24 +08:00
Pengyu Lv
db6143364a
Add test for endpoint getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
30e0870937
Add test for hostname getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
08daebb410
Make endpoint getter parameter a pointer to const
...
It would be convenient for users to query the endpoint
type directly from a ssl context:
```
mbedtls_ssl_conf_get_endpoint(
mbedtls_ssl_context_get_config(&ssl))
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
accd53ff6a
Add getter access to endpoint field in mbedtls_ssl_config
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
918ebf3975
Add getter access to hostname field in mbedtls_ssl_context
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
af724dd112
ssl_cache: Add getter access to timeout field
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Dave Rodgman
7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug
...
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
2023-07-07 19:15:31 +01:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines
...
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
2023-07-07 17:01:57 +01:00
Tom Cosgrove
c5f41bfeb8
Merge pull request #7212 from sergio-nsk/patch-4
...
Fix error: comparison of integers of different signs: 'SOCKET' and 'int'
2023-07-07 16:45:55 +01:00
Dave Rodgman
602a0919f3
Merge pull request #7464 from yuhaoth/pr/Change-clock-source-to-bootime-for-ms-time
...
Replace CLOCK_MONOTONIC with CLOCK_BOOTTIME for `mbedtls_ms_time` on linux
2023-07-07 15:42:17 +01:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
...
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-07 15:11:35 +01:00
Ronald Cron
c75ff730cd
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:34 +02:00
Ronald Cron
8a74f07c2a
tls13: server: Fix spurious HRR
...
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Gabor Mezei
f05ca737da
Update comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-07 12:59:22 +02:00
Dave Rodgman
c4749b1c66
Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail
...
Fuzz programs: print an error if loading the reproducer fails
2023-07-07 11:51:59 +01:00
David Horstmann
2d3ba07bf4
Add ChangeLog entry for CMake config defines
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-07 11:25:40 +01:00
Dave Rodgman
1917ee7cd1
Merge pull request #7867 from gilles-peskine-arm/readme-python3.8
...
Officially require Python 3.8
2023-07-07 09:58:15 +01:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Przemek Stekiel
46b2d2b643
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-07 09:34:17 +02:00
Dave Rodgman
aa00e81901
Merge pull request #7492 from gilles-peskine-arm/psa-driver-doc-entry-point
...
README: add section about drivers
2023-07-06 15:35:18 +01:00
Tomás González
3719f9ec91
tests/test_suite_pem: Augment DES test cases with AES: PEM
...
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-07-06 14:21:23 +01:00
Dave Rodgman
2230258530
Merge pull request #7890 from yanrayw/aes_comment_fix
2023-07-06 13:52:33 +01:00
Gilles Peskine
e1d5b07304
Link to the guide for writing a driver
...
Don't link to the proposed specifications: they aren't good entry points
because they describe what we want to achieve, not what exists today. The
guide links to them, that's enough.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-06 13:13:43 +02:00
Manuel Pégourié-Gonnard
a30c5cfc66
Use minimal include in test_suite_random
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard
999ce227fc
Make the PSA-mbedtls RNG API public
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec
Fix missing includes
...
Some files relied on psa_util.h to provide the includes they need.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
abfe640864
Rationalize includes in psa_util
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:27 +02:00
Manuel Pégourié-Gonnard
801d5b441d
Remove unnecessary (and harmful) include
...
Besides being unnecessary, it was causing problem when build SSL test
programs, which include this header, then in turn trying to include the
internal header from library, which didn't work.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
b7e8939198
Move error functions to internal header
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
a5a8f29d7e
Move ECC and FFDH macros to internal header
...
ECC macros used in the following files:
library/pk.c
library/pk_wrap.c
library/pkparse.c
library/pkwrite.c
library/ssl_misc.h
library/ssl_tls12_client.c
FFDH macro use only in library/ssl_misc.h so could possibly be moved
there, but it seems cleaner to keep it close to the ECC macros are they
are very similar in nature.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:45:54 +02:00
Manuel Pégourié-Gonnard
f9b012f313
Remove unused function from psa_util.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
5c731b0afb
Use consistent guards for deprecated feature
...
Fixes an "unused static function" warning in builds with
DEPRECATED_REMOVED.
While at it, remove an include that's now useless.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00