Przemyslaw Stekiel
4cad4fc8a9
psa_crypto.c: use switch instead of if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 14:04:36 +02:00
Przemyslaw Stekiel
1ecfdea002
all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 13:27:34 +02:00
Manuel Pégourié-Gonnard
d60950c2d0
Use newer OpenSSL for tests failing with the old one
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 13:12:47 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes
TLS1.3: add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed, in one component, thus CI can be considered as passed.
2021-10-11 19:23:12 +02:00
Przemyslaw Stekiel
77804132ba
Use PSA_HASH_LENGTH instead of hardcoded integer values
2021-10-11 16:38:17 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
TLS 1.3: ServerHello: add utils functions used by ServerHello
Regarding the merge job, there was only one of the failures we currently encounter on almost all PRs (Session resume using tickets, DTLS: openssl client test case, see #5012), thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Przemyslaw Stekiel
b576c7b779
Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Jerry Yu
e4eefc716a
Improve documentation for chk_buf_read_ptr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-09 10:40:40 +08:00
Jerry Yu
fd320e9a6e
Replace zeroize with memset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Gilles Peskine
09c46da27e
Implement PSA_WANT_KEY_TYPE_ARIA
Follow what has been done for CAMELLIA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 15:48:16 +02:00
Przemyslaw Stekiel
25f7063533
generate_psa_tests.py: fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:28:45 +02:00
Jerry Yu
88b756bacb
move tls1_3 max md size
It should be an internal definition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 18:41:38 +08:00
Przemyslaw Stekiel
d9d630cdf3
Adapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00
Gilles Peskine
f4d2fd4a05
Fix cmake invocation syntax
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 11:45:47 +02:00
Jerry Yu
d1ab262844
define max md size for tls1_3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e
fix check_name failure
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f
Rename counter_len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a
fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9
fix documentation issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b
fix wrong doxygen parameter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4
Address kex_modes check function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb
fix comments and check return issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c
tls13: add key exchange modes in handshake params
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6
Add check read ptr macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Gilles Peskine
dbf7b7eeb5
Switch cmake -O2 builds around to where we test a lot
Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL
tests.
To have some coverage with Check mode (which enables more compiler warnings
but compiles with -Os), change a few other builds that only run unit tests
at most to Check mode.
Don't add any new builds, to keep the total build volume down. We don't need
extensive coverage of all combinations, just a reasonable set.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:38:32 +02:00
Gilles Peskine
77f0535a93
Clarify a comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:27:16 +02:00
Gilles Peskine
cf52222694
Correct support function name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:25:29 +02:00
Gilles Peskine
4086159910
Remove obsolete specification draft
See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer
instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:14:01 +02:00
Przemyslaw Stekiel
db0ed7c579
ssl_server2.c: fix build error (key_slot: unused variable)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 15:11:43 +02:00
Przemyslaw Stekiel
770153e836
Add change-log entry
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:12:41 +02:00
Przemyslaw Stekiel
c0fe820dc9
psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:08:56 +02:00
Gilles Peskine
0c7c524b25
Merge pull request #5001 from gilles-peskine-arm/readme-add-contacts
Add contact information directly on the home page
2021-10-06 19:35:52 +02:00
Gilles Peskine
bf3ec84b1c
Merge pull request #5003 from gilles-peskine-arm/all.sh-makeflags-nproc
Limit make parallelism to the number of CPUs in all.sh
2021-10-06 19:35:12 +02:00
Przemyslaw Stekiel
575f23c3d5
add client/server opaque test
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-06 14:36:41 +02:00
Gilles Peskine
ff0aee0e7b
Build with -O2 when running ssl-opt
SSL testing benefits from faster executables, so use -O2 rather than -O1.
Some builds use -O1, but that's intended for jobs that only run unit tests,
where the build takes longer than the tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
Mateusz Starzyk
c48f43b44d
Fix PSA AEAD GCM's update output buffer length verification.
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:55 +02:00
Mateusz Starzyk
f28261fc14
Remove output buffer limitation for PSA with GCM.
The requirement of a minimum of 15 bytes for the output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of GCM.
Alternative implementations are expected to verify the
length of the provided output buffers and to return
MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:54 +02:00
Przemyslaw Stekiel
0483e3d652
Add key_opaque option to ssl_server2.c + test
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-04 11:28:22 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB
Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:10 +02:00
Gilles Peskine
2aefc9ef2e
Fix typo in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 20:34:53 +02:00
Gilles Peskine
fcc93d797b
Make MBEDTLS_IGNORE_RETURN configurable
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:56:17 +02:00
Gilles Peskine
252b758dd6
Cleaner implementation of MBEDTLS_IGNORE_RETURN
The previous implementation was misparsed in constructs like
`if (condition) MBEDTLS_IGNORE_RETURN(...); else ...;`.
Implement it as an expression, tested with GCC, Clang and MSVC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:54:51 +02:00
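As an added illustration of the parsing problem the commit message above describes (this is example code, not Mbed TLS's own implementation, and the exact old macro definition is not shown on this page): `IGNORE_RETURN_STMT` is a hypothetical statement-style macro standing in for the previous approach, `IGNORE_RETURN_EXPR` follows the expression approach, and `may_fail` and the two `else_ran_*` helpers are constructed for the demo so the difference in control flow can be observed.

```c
#include <stdio.h>

/* Constructed callee: a function the compiler wants callers to check.
 * With GCC a plain (void) cast does not silence warn_unused_result;
 * negating the value first ("!") and then casting does, which is one
 * reason an expression form of the macro is attractive. */
__attribute__((warn_unused_result))
static int may_fail(int fail)
{
    return fail ? -1 : 0;
}

/* Hypothetical statement-style macro (assumed here, not Mbed TLS's old code):
 * it expands to an if-statement, so an `else` that follows it binds to this
 * inner `if` rather than to the caller's `if`. */
#define IGNORE_RETURN_STMT(result) if ((result)) { }

/* Expression-style macro: a single void expression, legal anywhere an
 * expression statement is, with no `if` for a stray `else` to attach to. */
#define IGNORE_RETURN_EXPR(result) ((void) !(result))

/* Returns 1 if the caller's else-branch ran, 0 otherwise.
 * Written without a semicolon after the macro: with one, the statement
 * macro would not even compile, because the `;` would end the outer `if`
 * and leave the `else` without a matching `if`. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdangling-else"
int else_ran_stmt(int cond, int fail)
{
    int else_ran = 0;
    if (cond) IGNORE_RETURN_STMT(may_fail(fail)) else else_ran = 1;
    return else_ran;
}
#pragma GCC diagnostic pop

/* Same control flow with the expression macro: the else belongs to `cond`. */
int else_ran_expr(int cond, int fail)
{
    int else_ran = 0;
    if (cond) IGNORE_RETURN_EXPR(may_fail(fail)); else else_ran = 1;
    return else_ran;
}

int main(void)
{
    printf("cond=0: statement macro else_ran=%d, expression macro else_ran=%d\n",
           else_ran_stmt(0, 0), else_ran_expr(0, 0));
    printf("cond=1, callee ok: statement macro else_ran=%d, expression macro else_ran=%d\n",
           else_ran_stmt(1, 0), else_ran_expr(1, 0));
    return 0;
}
```

With the statement macro, whether the caller's `else` runs depends on what `may_fail` returned, not on `cond`: for `cond == 0` it never runs, and for `cond == 1` it runs exactly when the ignored call succeeded. The expression form gives the control flow the caller wrote.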
Gilles Peskine
cd79dfc4bb
Fix mistake in the sample implementation of MBEDTLS_CHECK_RETURN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:53:36 +02:00
Gilles Peskine
050d2fc201
Limit make parallelism to the number of CPUs
Don't default to unbridled -j, which causes a load spike and isn't really
faster.
"Number of CPUs" is implemented here as a reasonable compromise between
portability, correctness and simplicity. This is just a default that can be
overridden by setting MAKEFLAGS in the environment.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:24:21 +02:00
Gilles Peskine
6b34ac7655
Merge pull request #4955 from gilles-peskine-arm/make-tests-v-development
Facilitate reproducing unit tests from all.sh
2021-09-30 16:08:53 +02:00
Ronald Cron
d8ca055073
Merge pull request #4977 from xkqian/generic_fetch_handshake_msg
Add fetch_hand_message in generic
2021-09-30 15:30:00 +02:00
Gilles Peskine
b6b15b26e9
Add contact information directly on the home page
This information was already present in SECURITY.md and SUPPORT.md, but that
wasn't very apparent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 14:10:06 +02:00
Przemyslaw Stekiel
73142dfb98
Add change-log: fix-mbedtls_cipher_crypt-aes-ecb.txt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 13:14:20 +02:00
XiaokangQian
05420b120b
TLS1.3: Add useful comments based on RFC8446
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 06:15:18 +00:00
XiaokangQian
16c61aa738
TLS1.3: Align coding style based on comments
Fix various alignment issues in fetch handshake messages.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00