Commit graph

18854 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
2022-02-16 09:55:01 +01:00
Paul Elliott
5d7e61fb61 Fix uninitialised return value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-15 16:05:17 +00:00
Gabor Mezei
d917081b8b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:24:58 +01:00
Gabor Mezei
8d5a4cbfdb
Check return value of psa_destroy_key
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:23:17 +01:00
Gabor Mezei
833713c35c
Add better name for variable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:16:08 +01:00
Andrzej Kurek
8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Andrzej Kurek
90ba2cbd0a Cosmetic changes to return placement and variable naming
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:18:44 -05:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix
Fix test suite name reporting of opt-testcases/tls13-compat.sh
2022-02-15 13:53:10 +01:00
Andrzej Kurek
853ad7bfcf Use macros in tests for PSA init/deinit routines
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 07:13:03 -05:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Ronald Cron
b788c044b7 Use PSA status to Mbed TLS error code conversion function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa
Cleanup PSA-based ECDHE in TLS 1.2
2022-02-15 09:09:07 +01:00
Paul Elliott
a1dc3e5a60 Add safety to dummy_random in case of NULL context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 18:26:21 +00:00
Paul Elliott
bb0168144e Ensure valid context is used in fuzz_dtlsserver
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 15:57:11 +00:00
Ronald Cron
87829e5429 Fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-14 16:31:33 +01:00
PeterSpace
c2774a3ad4 Update library/psa_its_file.c
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2022-02-14 12:24:56 +01:00
Paul Elliott
51a7679a8e Ensure context is passed in to dummy_rand
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-11 19:10:14 +00:00
Ronald Cron
fb84e98fb4 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Ronald Cron
f6893e11c7 Finalize PSA hash operations in TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:34 +01:00
Ronald Cron
4279bac965 Document TLS 1.3 MVP limitation regarding MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 15:10:22 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Manuel Pégourié-Gonnard
574e538c75
Merge pull request #5522 from mpg/fixup-psa-migration
Fixup psa migration documentation
2022-02-10 13:41:56 +01:00
Manuel Pégourié-Gonnard
29e0e6fa3c
Merge pull request #5501 from gstrauss/ssl-ticket-rotate
Add mbedtls_ssl_ticket_rotate() for ticket rotation
2022-02-10 13:18:32 +01:00
Manuel Pégourié-Gonnard
c70013e4bc Clarify the trailer field situation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-10 13:16:50 +01:00
Manuel Pégourié-Gonnard
c7f3254379 Clarify a sentence
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-10 13:00:33 +01:00
Manuel Pégourié-Gonnard
58d101b721 Fix a few more typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-10 12:58:09 +01:00
Gabor Mezei
9607ab4dbd
Prevent function not used compilation error
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
The tests are based on the test of mbedtls_hkdf_expand.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Gabor Mezei
a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:23 +01:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Glenn Strauss
a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:15 -05:00
Andrzej Kurek
7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Gabor Mezei
748ab4ae77
Use ASSERT_ALLOC
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-09 16:31:48 +01:00
Gilles Peskine
196a1c4256
Merge pull request #5517 from yuhaoth/pr/fix-client-auth-fail
BUG fix :fix client_auth fail
2022-02-09 13:08:12 +01:00
Jerry Yu
7840f81303 fix client_auth fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard
2c5fbad479
Merge pull request #5004 from mpg/doc-psa-migration
Document PSA migration strategy
2022-02-09 12:07:12 +01:00
Manuel Pégourié-Gonnard
62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth
Move client_auth to handshake
2022-02-09 10:57:00 +01:00
Manuel Pégourié-Gonnard
9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa
PSA: example programs for HMAC and AEAD vs legacy
2022-02-09 10:53:49 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard
1df23b903f Check the result of PEM decoding
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Manuel Pégourié-Gonnard
33ab075f45 Add success case for pem_read testing
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
Xiaofei Bai
7c8b6a97b9 Update CertificateRequest skip condition
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 15:21:13 +00:00
pespacek
443c78eb83 BUGFIX: PSA test vectors use UID 1 instead of 0.
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
Jerry Yu
5c7d1cce97 fix typo error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 21:08:29 +08:00