Commit graph

23571 commits

Author SHA1 Message Date
Yanray Wang
5d646e705d compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734 compat.sh: remove check_openssl_server_bug
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f compat.sh: avoid running duplicate test cases for PSK
With the introduction of PSK_TESTS,
 - Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
 - `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f compat.sh: ignore $VERIFY in PSK TYPE
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:20 +08:00
Valerio Setti
1cdddacc62 pk_wrap: use proper macros for sign and verify
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
5c593af271 pk_wrap: fix comment on closing #endif
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
0568decc0c ecdsa: add comment for ecdsa_context
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
24138d9f83 pk_wrap: re-use identical functions for eckey and ecdsa when possible
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
7ca1318256 pk: add new symbol for generic ECDSA capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
9e30dd882d removing a leftover printf from debug
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4836374088 test: ECDSA driver only: fixing disparities in tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
ab363d9fe1 pk/pk_wrap: replace ECDSA_C with generic ECDSA capabilities' defines
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
cf084ae256 pk: add generic defines for ECDSA capabilities
The idea is to state what are ECDSA capabilities independently from how
this is achieved

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa test: ECDSA driver_only: verify disparities in PK
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Gabor Mezei
63aae68b8f
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-06 16:24:08 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
Don't use cast-assignment in ssl_server.c
2023-02-06 12:13:08 +00:00
Jan Bruckner
1aabe5c4d7 Fix typos
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:53 +01:00
Jan Bruckner
aa31b19395 Extend test framework for Record Size Limit Extension
Fixes #7006

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:29 +01:00
Manuel Pégourié-Gonnard
cced3521cb Fix style in test_suite_md.function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-06 12:37:02 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
2023-02-06 09:53:50 +00:00
Nick Child
50886c25f3 pkcs7/test: Add test for parsing a disabled algorithm
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Nick Child
6291cc2444 pkcs7/test: Remove f strings in generator script
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68 Fix more argc checks
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-03 16:15:30 +00:00
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning
Improve warnings for DES/3DES
2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:13:10 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static
TLS 1.3: Key Generation: change some key generation functions to static
2023-02-03 11:56:35 +01:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters
check_files.py: Allow specific Box Drawing characters to be used
2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent
compat.sh: report and filter cipher suite names consistently
2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets
Fix use of sizeof without brackets
2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Yanray Wang
f206c1493b Remove duplicate mbedtls_platform_zeroize for tls13_early_secrets
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 13:55:47 +08:00
Yanray Wang
131ec931eb Remove the additional dot in output of compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 12:13:04 +08:00
Gilles Peskine
34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-02 23:06:37 +01:00
Dave Rodgman
fdbfaafc2f Additional warnings in cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 13:44:31 +00:00
Dave Rodgman
23caf02c5b Update warnings in cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 13:17:34 +00:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Dave Rodgman
c04515b83c Improve warnings for DES/3DES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 10:47:58 +00:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-02 11:33:31 +01:00
Aditya Deshpande
3b18a29c13 Amend changelog entry
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-02 09:06:00 +00:00
Nick Child
282d50493a pkcs7: Remove duplicate oid condition
MBEDTLS_OID_PKCS7_ENCRYPTED_DATA was listed twice in
the oid conditional. Remove one of them.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-01 18:32:55 +00:00
Gilles Peskine
24c6f49530
Merge pull request #7005 from tom-cosgrove-arm/fix-doxygen-typos-in-new-bignum
Fix typos in doxygen commands in new bignum modules
2023-02-01 19:05:04 +01:00
David Horstmann
a43e332fe4 Fix near-tautological repetition in ChangeLog
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-01 13:39:57 +00:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-01 13:30:26 +00:00