Commit graph

6945 commits

Author SHA1 Message Date
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
9a8d78419f Fixup test tls13_server_certificate_msg_invalid_vector_len
The parameters for init_handshake_options had changed on the development
branch after this test was created, so fixing up this test in order to
correct build failures after merge.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 11:34:14 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks
Fix resource leaks
2022-07-05 23:12:02 +01:00
Dave Rodgman
c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01
Fix uninitialised memory access in test
2022-07-05 13:59:34 +01:00
Andrzej Kurek
ddb8cd601d test_suite_ssl: Fix handshake options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 16:07:28 -04:00
Andrzej Kurek
9dc4402afa test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:15 -04:00
Andrzej Kurek
1e085686ec test_suite_ssl: remove unnecessary user data checks
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:09 -04:00
Andrzej Kurek
3d0d501517 test_suite_ssl: prefer ASSERT_ALLOC over malloc
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:39:34 -04:00
Andrzej Kurek
92d7417d89 Formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e11acb2c9b test_suite_ssl: add proper cache cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e8ad0d7d42 Disable bad session id length test in TLS 1.3
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
456a109edb test_suite_ssl: add required dependencies for default handshake parameters
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
6e518ab086 test_suite_ssl: add missing options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
ed58b50ea6 test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
626a931bb9 test_suite_ssl: Add missing arguments in endpoint initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
514683abdc Add a test with a bad session_id_len that makes cache setting fail
Force a bad session_id_len before handshake wrapup. This should
result in a forced jump to a clean up of a serialized session.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Andrzej Kurek
780dc18f74 Refactor test_suite_ssl tests to enable cache setting
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:28 -04:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Neil Armstrong
6931e439e4 Fix Handshake select ECDH-RSA- test dependencies
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 18:30:10 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Neil Armstrong
c67e6e96f8 Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 15:48:10 +02:00
Gabor Mezei
dc3f3bb8b1
Initilize variable
Coverity scan detected a problem of an uinitilized variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-07-01 15:06:34 +02:00
Jerry Yu
7ac0d498de remove force_version for client
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-01 19:29:30 +08:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206
Documentation about storage format compatibility
2022-07-01 12:21:17 +02:00
Jerry Yu
52b7d923fe fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-01 18:12:44 +08:00
Neil Armstrong
7999cb3896 Remove auth_mode=required and client crt_file/key_file when testing server authentication
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 09:51:33 +02:00
Neil Armstrong
4b10209568 Use different certs for double opaque keys and check certificate issuer CN
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 09:48:09 +02:00
Neil Armstrong
1948a20796 Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 18:05:57 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:01:40 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix
Improve ASN.1 write tests
2022-06-30 15:42:16 +02:00
Neil Armstrong
167d82c4df Add dual keys Opaque ssl-opt tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 11:32:00 +02:00
Neil Armstrong
36b022334c Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 11:16:53 +02:00
Neil Armstrong
b2c3b5be2d Fix depends on handshake_ciphersuite_select tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 10:49:04 +02:00
Neil Armstrong
db13497490 Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 09:06:28 +02:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check
TLS 1.3: Add missing overread check
2022-06-29 17:01:14 +01:00
Werner Lewis
ec0193d019 Update test to cover move-decrypt sequence
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2
Fix null pointer dereference in mpi_mod_int(0, 2)
2022-06-29 15:02:59 +01:00
Jerry Yu
aae28f178b add tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:21:32 +08:00
Jerry Yu
a0bb906c9f fix handshake_version test fail.
when both tls13 and tls12 are enabled, the
test will fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
f55886a217 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:46 +08:00
Jerry Yu
a6076aa8b8 Revert temp test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:45 +08:00
Jerry Yu
7ab7f2b184 Remove pkcs1 from certificate_verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:44 +08:00
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
2022-06-29 09:47:49 +02:00
Glenn Strauss
bd10c4e2af Test accessors to config DN hints for cert request
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma
Fix output of commas and other special characters in X509 DN values
2022-06-28 21:00:49 +02:00
Neil Armstrong
2407279fa4 Add tests with specific hash for handshake_ciphersuite_select positive tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
ed917bf548 Update description for negative key_opaque_algs tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
8c52ed8d1e Add negative testing of ciphersuite selection using Opaque algs & usage
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
eb4390b27c Add Cipersuite selection negative testing by using invalid algs for server-side opaque key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:10:48 +02:00
Gabor Mezei
9e4b7bd199
Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 16:22:14 +02:00
Gabor Mezei
f7044eaec8
Fix name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 16:01:49 +02:00
Ronald Cron
585cd70d04 tests: ssl: Fix coverity deadcode issue
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
TLS 1.3: Enable and add tests
2022-06-28 09:15:17 +02:00
Gilles Peskine
5969a4b5e0 Don't call memcpy(NULL, 0) which has undefined behavior
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 23:59:53 +02:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448
Fix order value for curve x448
2022-06-27 13:47:24 +01:00
Werner Lewis
9b0e940135 Fix case where final special char exceeds buffer
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 12:01:22 +01:00
Werner Lewis
31ecb9600a Add tests for exceeded buffer size
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Ronald Cron
cf600bc07c Comment fixes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380 tls13: Add checks of overread check failures
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
a8d79b9eb6 ssl-opt.sh: Remove one pattern check
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:05:35 +02:00
Ronald Cron
07040bb179
Merge pull request #5951 from xkqian/tls13_add_alpn
Add ALPN extension to the server side
2022-06-27 08:33:03 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks
TLS 1.3: Fix certificate key usage checks
2022-06-27 08:32:17 +02:00
Ronald Cron
21a1b2d374 Enable "Sending app data" SSL unit tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
c78511b59a ssl-opt.sh: Enable some authentication tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80 tls13: Align some debug messages with TLS 1.2 ones
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1 ssl-opt.sh: Add Small/Large packets TLS 1.3 tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
XiaokangQian
95d5f549f1 Fix coding styles
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
Werner Lewis
3e5585b45d Replace TEST_ASSERT macro uses
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395 Reduce buffer sizes to expected size
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:11:50 +01:00
XiaokangQian
c740345c5b Adress review comments
Change Code styles
Add test cases

Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-23 03:24:12 +00:00
Ronald Cron
f9c13fe69f ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:21 +02:00
Ronald Cron
ba65fbbe30 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Gabor Mezei
7e2dbafe2d
Add test for dummy CCS records
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
XiaokangQian
acb3992251 Add ALPN extension to the server side
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Przemek Stekiel
0c9e74bd55 Remove mbedtls_psa_hkdf_expand() and mbedtls_psa_hkdf_extract() tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
Gilles Peskine
76851ae3a6 Add warnings to test code and data about storage format stability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 19:10:35 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Werner Lewis
12657cdcc6 Remove binary int use
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-20 11:57:35 +01:00
Werner Lewis
90c46c376b Use consistent test case names
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-20 11:53:17 +01:00
Werner Lewis
b3acb053fb Add mbedtls_x509_dn_get_next function
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Dave Rodgman
eb8570f174 Fix missing newline
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-06-17 14:59:36 +01:00
Dave Rodgman
5cab9dafb7 fix whitespace
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-06-17 13:48:29 +01:00
Dave Rodgman
57080461f7 Add test-case for checking curve order
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-06-17 13:42:40 +01:00
Tuvshinzaya Erdenekhuu
8988e23690 Add missing break
In ''int execute_tests( int argc , const char ** argv )'' function,
switch case is missing break statement.

Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-06-17 10:55:42 +01:00
Ronald Cron
d28f5a98f1 ssl-opt.sh: Add certificate key usage tests for TLS 1.3
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
  side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
  as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
  usage is never acceptable

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:46:27 +02:00
Ronald Cron
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
Tls13 add server name
2022-06-16 08:30:09 +02:00
Gilles Peskine
6194053feb ASN.1: test that we can parse what we can write
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:17:25 +02:00
Gilles Peskine
b7e215f6bc Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:16:42 +02:00
Andrzej Kurek
ca35f5bed0 test_suite_ssl: Use a zero fragment offset in a test with a too short record
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-15 07:19:40 -04:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Przemek Stekiel
6c9fd61565 exercise_key_agreement_key: add special handling for HKDF_EXPAND
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 14:41:42 +02:00
Andrzej Kurek
7cf872557a Rearrange the session resumption code
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-14 08:26:19 -04:00
Przemek Stekiel
d898745f70 exercise_key_agreement_key: provide SALT for HKDF_EXTRACT
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 11:41:52 +02:00
XiaokangQian
3ed16231ab Refine server side SNI test cases
Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-14 08:24:04 +00:00
Jerry Yu
b7c12a466f Refactor compat scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-12 20:53:02 +08:00
Gilles Peskine
2c2730a372 ASN.1 write tests: test with larger buffer
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:15:44 +02:00
Gilles Peskine
321a08944b Fix bug whereby 0 was written as 0200 rather than 020100
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Gilles Peskine
c9a30fba74 Add MPI write tests when the MPI object has a leading zero limb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:07 +02:00
Gilles Peskine
0ab804a794 Fix mismatch between test data and test description
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:12:25 +02:00
Gilles Peskine
d8579b7673 Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.

Fix copypasta in test data that was commented out.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:10:37 +02:00
XiaokangQian
9b938b7c37 Share code with base class in generate_tls13_compat_tests.py
Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 07:06:32 +00:00
XiaokangQian
fb1a3fe7f3 Address comments about python syntax
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 02:27:52 +00:00
Gilles Peskine
ae25bb043c Fix null pointer dereference in mpi_mod_int(0, 2)
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
XiaokangQian
b1847a234e Re-structure to share more common code
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-09 02:53:23 +00:00
Andrzej Kurek
ed4d217874 Add missing test dependencies for cookie parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:57:57 -04:00
Andrzej Kurek
078e9bcda6 Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Paul Elliott
271c3052fb
Merge pull request #5892 from AndrzejKurek/ssl-opt-client-kill-fix
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
2022-06-08 14:27:01 +01:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
XiaokangQian
96287d98d8 Remove the certificate key check against the received signature
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 08:37:53 +00:00
XiaokangQian
9850fa8e8d Refine ssl_tls13_pick_cert()
Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 07:02:41 +00:00
Przemek Stekiel
b088a900f4 test_suite_psa_crypto_storage_format: disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 15:34:18 +02:00
Przemek Stekiel
d9e1287e64 crypto_config_test_driver_extension.h add HKDF_EXTRACT/EXPAND algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 14:19:39 +02:00
XiaokangQian
23c5be6b94 Enable SNI test for both tls12 and tls13
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-07 09:43:13 +00:00
Ronald Cron
00e5eaad62 test: ssl: Remove more TLS 1.2 dependencies in handshake state tests
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:14:01 +02:00
Ronald Cron
bdddaef9bb test: ssl: Enable client authentication in handshake state tests
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:13:49 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
cfb01948c8 Add cookie parsing tests to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Andrzej Kurek
140b589ec6 Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:02:36 -04:00
Thomas Daubney
5c9c2ce86d Add correct test dependencies
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Przemek Stekiel
221391b3d2 generate_psa_tests.py: REVERT adapt OpFail test generator for HKDF-Exract/Expand algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:43 +02:00
Przemek Stekiel
66867731aa derive_output tests: fix output key length to be consistent with teh description
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
cde3f783f5 Make info valid only after secret for HKDF-EXPAND + adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea Make salt mandatory for HKDF-EXTRACT + adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:25:43 +02:00
Jerry Yu
6994e3e0c2 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-06 11:50:49 +08:00
Przemek Stekiel
0e99391afe derive_output test: fix output key bit length
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
f0f0bd068b test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
XiaokangQian
129aeb9b0e Update test cases and support sni ca override
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-02 09:29:18 +00:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Jerry Yu
f2d32e6c3d fix tls13_only test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 18:05:18 +08:00
Thomas Daubney
3ff4fc6997 Add test data
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Thomas Daubney
bd5466ab7e Add test for accessor
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Jerry Yu
7bf3358a2d Remove duplicated tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 16:55:17 +08:00
Jerry Yu
1443537da3 fix test fail when WANT_READ/WRITE returned
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 15:53:31 +08:00
XiaokangQian
f4f0f6961a Enable requires_openssl_tls1_3 in sni test cases
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-01 00:42:27 +00:00
XiaokangQian
ac41edfc5e Enable requires_gnutls_tls1_3 in sni test cases
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 13:22:13 +00:00
Jerry Yu
66537f40b6 fix certificate request fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:53:05 +08:00