Pengyu Lv
981ec14744
tls13: rename ssl_tls13_check_*_key_exchange functions
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Ronald Cron
90d07118ad
Merge pull request #6721 from yuhaoth/pr/tls13-early-data-extension-of-nst
...
TLS 1.3: EarlyData SRV: Write `early_data` extension of NewSessionTicket
2023-12-07 09:25:35 +00:00
Gilles Peskine
f3ccfddb45
Merge pull request #8615 from davidhorstmann-arm/fix-cast-potential-overflow
...
Fix possible integer overflows
2023-12-07 00:42:10 +00:00
Dave Rodgman
779819a4dd
Merge pull request #8613 from bensze01/valgrind-only-in-nightlies
...
Do not run Valgrind tests in PR jobs
2023-12-06 19:18:24 +00:00
Gilles Peskine
42d78c73b7
Merge pull request #8550 from gabor-mezei-arm/tf_psa_crypto_change_log_support
...
Modify changelog assembly to work with tf-psa-crypto
2023-12-06 18:25:49 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
...
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
David Horstmann
4749007f64
Fix possible integer overflows before widening
...
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-06 17:22:53 +00:00
Bence Szépkúti
0354d04d3c
Do not run Valgrind tests in PR jobs
...
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-12-06 16:14:37 +01:00
Manuel Pégourié-Gonnard
d9c69d12ac
Merge pull request #8513 from mschulz-at-hilscher/feature/explicitly-accessing-private-fields-in-benchmark
...
Explicitly accessing private fields in benchmark
2023-12-06 11:06:32 +00:00
Manuel Pégourié-Gonnard
ad4f0ada37
Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg
...
Fix uninitialized variable warnings in ssl_msg.c
2023-12-06 11:06:03 +00:00
Jerry Yu
750e06743f
remove misbehavior tests and code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:22:15 +08:00
Jerry Yu
95648b0134
Some minor improvement
...
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow` in 2nd place
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff
remove assignment for session->max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9
fix various issue
...
- rename connection time variable
- remove unnecessary comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253
Add missing debug message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7
add ticket max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141
improve comments of new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8
set max_early_data_size of ticket to keep consistent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c
Add max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac
Revert "change max_early_data_size source"
...
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9
Revert "set init value for max_early_data_size in session"
...
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae
change max_early_data_size source
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62
set init value for max_early_data_size in session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5
improve early data comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b
replace ticket permission set
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6
replace early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6
add early data flag check function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9
fix various issues
...
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e
rename nst early data write function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:56 +08:00
Jerry Yu
391c943340
Add tests for ticket early data permission bit
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:48 +08:00
Jerry Yu
3c2b21ed0e
Enable multi max_early_data_size value for connections
...
For test purpose, we set different value for each
session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Jerry Yu
fceddb310e
Add early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8
add early data extension of NST
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:52 +08:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
...
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
Jerry Yu
42020fb186
revert output message which used by testing
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 17:35:53 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
...
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
Jerry Yu
ebb1b1d48f
fix ci test failure
...
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5
fix various issues
...
- remove unnecessary statements
- improve macro name
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 10:27:17 +08:00
Gabor Mezei
fe23daf8a3
Remove leftover code from initial changelog support
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-12-04 14:37:31 +01:00
Valerio Setti
302a487499
test_driver_key_management: rename counter for export_public_key() hits
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
829ce0facf
test_driver_cipher: add forced return status for encrypt and set_iv
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ef35a9b3c
test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
0ca1868fcd
test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68
test_suite_psa_crypto_slot_management: modify check on open key slots
...
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4
mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
45337a8895
test_suite_psa_crypto_driver_wrappers: add counter for cipher_update()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
6ef82ae39d
test_suite_psa_crypto_driver_wrappers: improving driver access counters
...
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00