Commit graph

28072 commits

Author SHA1 Message Date
Valerio Setti
c747306848 all.sh: remove redundant make in test_psa_crypto_config_accel_cipher_aead()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-13 10:51:52 +01:00
Valerio Setti
73d053123f ssl-opt: set proper cipher dependencies in tests using ticket_aead parameters
Check either legacy or PSA symbols based on USE_PSA_CRYPTO

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:45 +01:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string()
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
Valerio Setti
01c4fa3e88 ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Valerio Setti
dd43d7b3a4 ssl-opt: set proper dependencies on tests with encrypted server5 key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Valerio Setti
f941455e3b all.sh: enable ssl-opt testing in psa_crypto_config_[accel/reference]_cipher_aead
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls
[G3] Driver-only cipher+aead: TLS: main test suite
2023-11-09 11:10:34 +00:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Gilles Peskine
c75ee77dbb
Merge pull request #8439 from yuhaoth/pr/add-test-suite-parameter-to-ssl-opt
Add test-suite parameter to filter tests
2023-11-08 18:05:44 +00:00
Gilles Peskine
b97058e2d5
Merge pull request #8496 from ronald-cron-arm/remove-cocci-files
Remove unused *.cocci files
2023-11-08 18:05:13 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr
Mbed TLS 3.5.1
2023-11-08 18:01:32 +00:00
Dave Rodgman
9eb2abd1e0 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:17 +00:00
Dave Rodgman
9f747537cf Update BRANCHES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:11 +00:00
Dave Rodgman
28d40930ae Restore bump version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Dave Rodgman
39b2a38076 Restore 3.5.1 ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:04 +00:00
Dave Rodgman
a2d14ef764 Merge remote-tracking branch 'origin/development' into mbedtls-3.5.1-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:39:53 +00:00
Dave Rodgman
47854e638b Revert back to v3.5.0
git revert v3.5.0..v3.5.1
git rebase to combine the resulting revert commits

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:38:57 +00:00
Dave Rodgman
edb8fec988 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:36:00 +00:00
Ronald Cron
f95b678729 Remove unused *.cocci files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-08 10:08:09 +01:00
Ronald Cron
c27a4ce3dd
Merge pull request #8429 from gilles-peskine-arm/fix-test_suite_constant_time_hmac-not-executed
Fix test suite never executed due to an undefined symbol
2023-11-08 09:05:12 +00:00
Pengyu Lv
2bd56de3f4 ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 14:21:19 +08:00
Pengyu Lv
ba6825e37b ssl: use MBEDTLS_SSL_HAVE_* in tests
Done by commands:

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 14:09:16 +08:00
Pengyu Lv
65458fa969 ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h
Done by commands:

```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:16:29 +08:00
Pengyu Lv
829dd2048a ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c
Mainly done by the commands, with some manual adjust.

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:01:26 +08:00
Pengyu Lv
f1b86b088f ssl: add macro to indicate CBC mode is available
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:42 +08:00
Pengyu Lv
e870cc8c86 ssl: add macro for available key types
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:36 +08:00
Pengyu Lv
fe03a4071b ssl_helper: fix missin initialization of cli_log_obj
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 10:30:48 +08:00
Matthias Schulz
c55b500343 Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-07 16:47:37 +01:00
Matthias Schulz
e92f6dcf5c New test cases requested in https://github.com/Mbed-TLS/mbedtls/pull/8378#discussion_r1383779861
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-07 15:16:35 +01:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
TLS 1.3: EarlyData SRV: Write early data extension  in EncryptedExtension
2023-11-07 13:59:13 +00:00
Dave Rodgman
7604915cce Update Changelog with bugfix entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-07 12:33:17 +00:00
Tom Cosgrove
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
Jerry Yu
7ef9fd8989 fix various issues
- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e check the ticket version unconditional
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
Pengyu Lv
4ebf86e780 tls13-misc: Do not check kex mode for some cases
Ephemeral is preferred over pure PSK, the change is
to make CI happy.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 10:14:32 +08:00
Pengyu Lv
44670c6eda Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
This reverts commit dadeb20383.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00
Pengyu Lv
1f00926142 Change base config to full
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:55:11 +08:00
Dave Rodgman
b578514b03
Merge pull request #8470 from gilles-peskine-arm/check-files-license
Check copyright statements and SPDX license statements
2023-11-06 17:07:54 +00:00
Dave Rodgman
4b67ac8adf
Merge pull request #8444 from Mbed-TLS/cvv-code-size
code size for mbedtls_cipher_validate_values
2023-11-06 12:50:37 +00:00
Dave Rodgman
2ef7c30775 Update BRANCHES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-06 11:47:15 +00:00
Paul Elliott
e03270f2e0
Merge pull request #8391 from paul-elliott-arm/full_no_platform
Add full_no_platform config preset
2023-11-06 11:35:28 +00:00
Manuel Pégourié-Gonnard
964dee6b3f
Merge pull request #8442 from lpy4105/issue/8355/driver-only-cipher_aead-x509
X.509: Support driver-only cipher+aead
2023-11-06 09:10:57 +00:00
Jerry Yu
9e47b268c4 Revert "ssl-opt.sh: Make record_outcome record the ssl-opt.sh file only"
This reverts commit cfe68a0cb6.

As commit 5eb2b02862, this line is used to report test suite name.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-06 10:53:43 +08:00
Jerry Yu
50d07bdeec Add test-suite parameter to filter tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-06 10:49:01 +08:00
Gilles Peskine
ce78200fb5 Pacify mypy
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-04 16:07:26 +01:00
Gilles Peskine
3b9facd8ac Also complain if licenses are mentioned
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-04 16:07:26 +01:00
Gilles Peskine
f2fb9f667c Check copyright statements and SPDX license identifier
Enforce a specific copyright statement and a specific SPDX license
identifier where they are present.

Binary files, third-party modules and a few other exceptions are not
checked.

There is currently no check that copyright statements and license
identifiers are present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-04 16:07:26 +01:00
Gilles Peskine
990030bce0 Sort imports
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-04 16:07:26 +01:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Gilles Peskine
c5ce9fcf03
Merge pull request #8435 from valeriosetti/issue8415
Remove cipher/aead legacy dependencies from PSA test suites
2023-11-04 15:04:51 +00:00