Commit graph

22962 commits

Author SHA1 Message Date
Pengyu Lv
9f92695c8d tls13: set key exchange mode in ticket_flags on client/server
Set the ticket_flags when:
  - server: preparing NST (new session ticket) message
  - client: postprocessing NST message

Clear the ticket_flags when:
  - server: preparing NST message
  - client: parsing NST message

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
b7d50acb37 tls13: add helpers to manipulate ticket_flags
Add helper functions to get/set/clear ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Pengyu Lv
5b8dcd2097 Add debug helper to print ticket_flags status
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
fd13a0f851
Merge pull request #6905 from gilles-peskine-arm/code-style-casts-psa-headers-more
Remove redundant error code definitions
2023-01-11 14:40:42 +01:00
Gilles Peskine
c55c343670
Merge pull request #6884 from gilles-peskine-arm/check-files-unicode
Reject bad characters in source code
2023-01-11 13:46:59 +01:00
Gilles Peskine
03e99cf14d Remove redundant error code definitions
We're including psa/crypto_values.h, which defines the necessary error
codes. Remove redundant definitions, which hurt because they need to be
styled in exactly the same way (same presence/absence of spaces between
tokens).

This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 11:15:18 +01:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Gilles Peskine
f9c8d76db6
Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script
Make generate_errors.pl handle directory names containing spaces when opening files
2023-01-10 22:09:58 +01:00
Gilles Peskine
b4ffe781ed
Merge pull request #6878 from gilles-peskine-arm/code-style-casts-psa-headers
Don't restyle some PSA macros
2023-01-10 22:09:13 +01:00
Gilles Peskine
0770efe4e1
Merge pull request #6888 from daverodgman/iar-bignum-warning
Fix IAR warning
2023-01-10 22:08:37 +01:00
Dave Rodgman
bbbd803c2e Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-10 10:08:12 +00:00
Thomas Daubney
1efe4a874d Add ChangeLog entry
Add ChangeLog entry documenting bugfix.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-01-10 09:35:39 +00:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
6e666c2e79 Remove obsolete comment
Was explaining why we didn't use the OPENSSL name, but we are using it
now...

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-10 09:38:58 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Jerry Yu
3e60cada5d Improve comment and changlog
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-10 14:58:08 +08:00
Thomas Daubney
33878ed30b Modify generate errors script
Modify generate_errors.pl such that it can now handle
opening files where the file path includes a directory
name containing spaces.

Raised in issue #6879. Fix provided by
@tom-cosgrove-arm in aforementioned issue.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-01-09 18:28:10 +00:00
Valerio Setti
a0b97bc803 fix wrong type in debug message
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 19:10:32 +01:00
Valerio Setti
2c12185b88 test: fix dependencies on function and data files
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 18:00:39 +01:00
Valerio Setti
1e868ccbac fix several typos and extra blank spaces
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 17:59:46 +01:00
Valerio Setti
2b5d3ded1f remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 11:04:52 +01:00
Jerry Yu
99e902f479 Add changlog entry.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 20:20:35 +08:00
Jerry Yu
bdb936b7a5 Workaround anti replay fail of GnuTLS
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 20:19:55 +08:00
Jerry Yu
a15af37867 Change time resolution of reco_delay from second to millionseconds
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of #6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
Jerry Yu
f05b6eed0c Revert "Skip early data basic check temp"
This reverts commit 4e83173bb7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
Glenn Strauss
14db51224e Fix IAR warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-06 14:20:14 +00:00
Manuel Pégourié-Gonnard
b17803682e
Merge pull request #6873 from mpg/fix-derive-key-exercise
Fix test function derive_key_exercise()
2023-01-06 11:50:05 +01:00
Gilles Peskine
d11bb47fe0 Reject invalid UTF-8 and weird characters in text files
Reject "weird" characters in text files, especially control characters that
might be escape sequences or that might cause other text to appear garbled
(as in https://trojansource.codes/).

Also reject byte sequences that aren't valid UTF-8.

Accept only ASCII (except most control characters), letters, some non-ASCII
punctuation and some mathematical and technical symbols. This covers
everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:31:14 +01:00
Gilles Peskine
b389743ace Pass line number to issue_with_line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:28:30 +01:00
Gilles Peskine
0ed9e78bf7 Treat more *.bin files as binary
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:27:35 +01:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
Gilles Peskine
f07ddde980
Merge pull request #6876 from davidhorstmann-arm/disable-code-style-for-bn-asm
Check for Uncrustify errors in `code_style.py`
2023-01-05 14:35:16 +01:00
David Horstmann
78d566b216 Fix pylint warnings about comparison to True
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-05 10:02:09 +00:00
David Horstmann
8d1d6edb0b Fix incorrect typing of function in code_style.py
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-05 09:59:35 +00:00
David Horstmann
bec95320ba Don't restyle end of file
Move the *INDENT-ON* annotation to the end of the file so that
uncrustify does not restyle the later sections (since it introduces a
risk of future problems).

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-05 09:50:47 +00:00
Valerio Setti
8e45cdd440 fix wrong dependency for X509_TRUSTED_CERTIFICATE_CALLBACK
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 09:33:38 +01:00
Valerio Setti
8841d6b2f6 add missing dependency documentation for SSL_ASYNC_PRIVATE
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 08:40:24 +01:00
Gilles Peskine
a651607b37 Skip restyling of PSA macros also defined in psa-arch-tests
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

Two macros are also defined in headers in the PSA Compliance test suite, so
the test suite would fail to build if we changed the definitions. Preserve
those definitions. Technically this is a bug in the test suite, since having
extra spaces (or even a completely different constant expression with the
same value) would still be compliant. Bug reported as
https://github.com/ARM-software/psa-arch-tests/issues/337

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:55:35 +01:00
Gilles Peskine
45873ceba3 Skip restyling of PSA error code definitions
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

For PSA error code definitions, the specific expansion is mandated by the
PSA Status code specification and the PSA Crypto API specification. In
particular, there must not be a space between (psa_status_t) and the
numerical value (whereas K&R would put a space).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:50:27 +01:00
David Horstmann
c571c5b1f0 Check Uncrustify returncode in code_style.py
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-04 18:44:00 +00:00
David Horstmann
cb3b6ae580 Disable code style correction for bignum assembly
The inline assembly defined in bn_mul.h confuses code style parsing,
causing code style correction to fail. Disable code style correction for
the whole section gated by "#if defined(MBEDTLS_HAVE_ASM)" to prevent
this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-04 17:50:08 +00:00
Valerio Setti
67419f0e11 tls: fix + save code size when DEBUG_C is not enabled
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
Valerio Setti
40d9ca907b tls: remove useless legacy function
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 16:08:04 +01:00
Manuel Pégourié-Gonnard
9502b56192 Fix test function derive_key_exercise()
mbedtls_test_psa_setup_key_derivation_wrap() returns 1 for success, 0
for error, so the test here was wrong.

This is just a hotfix in order to avoid a testing gap. Larger issues not
addressed here:

- I don't think we should just exit and mark the test as passed; if
we're not doing the actual testing this should be marked as SKIP.
- Returning 1 for success and 0 for failure is a violation of our
documented coding guidelines. We're also supposed to test with == 0 or
!= 0. Having consistent conventions is supposed to help avoid errors
like this.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-04 13:16:53 +01:00
Gilles Peskine
262851df1c
Merge pull request #6868 from davidhorstmann-arm/workaround-uncrustify-asm-defines
Workaround Uncrustify parsing of "asm"
2023-01-04 10:38:06 +01:00
Valerio Setti
a4bb0fabea check_config: add missing dependencies for the build without BIGNUM
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
e1655b8132 test: add test for building without BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
73260b6e65 test: extend test_suite_ssl for testing new functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:05:02 +01:00