Xiaokang Qian
32af4fbbdb
Set ciphersuite info and kex mode in set_session in re-connection
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
34aab55aa7
Add prepare function to switch transform to early keys
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Xiaokang Qian
125afcb060
Add end-of-early-data write
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Pengyu Lv
acbeb7fa30
code_style.py: Add helpers to print warning and skipped files
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-08 09:59:40 +08:00
Pengyu Lv
8c6325cc8e
code_style.py: Apply exclusions to the file list
...
This commit rename `--files` options to `--subset` and
it means to check a subset of the files known to git.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-08 09:59:27 +08:00
Nick Child
3dafc6c3b3
pkcs7: Drop support for signature in contentInfo of signed data
...
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-07 20:04:52 +00:00
Gilles Peskine
fad34a4f10
Support all legacy algorithms in PSA
...
This is not strictly mandatory, but it helps.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-07 20:37:56 +01:00
Valerio Setti
5b16e9eabc
pk_wrap: keep ECDSA_C for ECP_RESTARTABLE contexts
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 16:21:36 +01:00
Andrzej Kurek
7dcdc132d5
Change SHA256_C to HAS_ALG_SHA256_VIA[..] in x509 tests
...
This way these tests won't be skipped in a configuration with a driver.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:34 -05:00
Hanno Becker
dae916b05f
X.509: Add length consistency checks to x509_get_other_name()
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:32 -05:00
Hanno Becker
2a15a0c868
X.509: Remove red'n bounds checks and zeroiz'n in OtherName parsing
...
- ASN.1 parsing functions check that length don't exceed buffer bounds,
so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
which is automatically caught by the next ASN.1 parsing call.
Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.
Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:15:27 -05:00
Hanno Becker
5d82c3b99c
X.509: Improve negative testing for SubjectAltName parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
dc0e8b92f8
Add a ChangeLog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
db305ff42e
X.509: Improve negative testing for SubjectAltName parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
ae8f8c435c
Fix X.509 SAN parsing
...
Fixes #2838 . See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:27 -05:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64
...
all.sh: test_m32_xx is not supported on arm64 host
2023-02-07 10:26:10 +01:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements
...
Minor improvements to `c_build_helper.py`
2023-02-07 10:25:59 +01:00
Yanray Wang
3f9961bfca
compat.sh: remove G_CLIENT_PRIO as it's not used
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
a89c4d51f7
compat.sh: display "no" even if $VERIFY=YES for PSK test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
5d646e705d
compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734
compat.sh: remove check_openssl_server_bug
...
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f
compat.sh: avoid running duplicate test cases for PSK
...
With the introduction of PSK_TESTS,
- Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
- `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f
compat.sh: ignore $VERIFY in PSK TYPE
...
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:20 +08:00
Valerio Setti
1cdddacc62
pk_wrap: use proper macros for sign and verify
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
5c593af271
pk_wrap: fix comment on closing #endif
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
0568decc0c
ecdsa: add comment for ecdsa_context
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
24138d9f83
pk_wrap: re-use identical functions for eckey and ecdsa when possible
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
7ca1318256
pk: add new symbol for generic ECDSA capability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
bf74f52920
test: add a comment specifying why restartable cannot be tested
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
9e30dd882d
removing a leftover printf from debug
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4836374088
test: ECDSA driver only: fixing disparities in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
ab363d9fe1
pk/pk_wrap: replace ECDSA_C with generic ECDSA capabilities' defines
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
cf084ae256
pk: add generic defines for ECDSA capabilities
...
The idea is to state what are ECDSA capabilities independently from how
this is achieved
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710
test: ECDSA driver only: disable ECP_RESTARTABLE
...
This is not yet supported in driver only implementation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa
test: ECDSA driver_only: verify disparities in PK
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Gabor Mezei
63aae68b8f
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-06 16:24:08 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
...
Don't use cast-assignment in ssl_server.c
2023-02-06 12:13:08 +00:00
Jan Bruckner
1aabe5c4d7
Fix typos
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:53 +01:00
Jan Bruckner
aa31b19395
Extend test framework for Record Size Limit Extension
...
Fixes #7006
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:29 +01:00
Manuel Pégourié-Gonnard
cced3521cb
Fix style in test_suite_md.function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-06 12:37:02 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage
...
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
2023-02-06 09:53:50 +00:00
Nick Child
50886c25f3
pkcs7/test: Add test for parsing a disabled algorithm
...
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Nick Child
6291cc2444
pkcs7/test: Remove f strings in generator script
...
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Tom Cosgrove
de85725507
Don't use cast-assignment in ssl_server.c
...
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68
Fix more argc checks
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-03 16:15:30 +00:00
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning
...
Improve warnings for DES/3DES
2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
...
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a
Use TEST_EQUAL when applicable in test_suite_md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4
Avoid unnecessary copy in test_suite_md
...
Also avoids buffer with an arbitrary size while at it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350
Use MBEDTLS_MD_MAX_SIZE in test_suite_md
...
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:25:53 +01:00