In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.
Use a more systematic style for initializing the stack object as soon as
it's declared.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
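The hazard described above, as an added illustration (not code from the Mbed TLS test suite): a test function with a `goto exit` path that runs before the endpoint is set up, and a cleanup function that is only safe to call because the stack object was initialized at the point of declaration. `endpoint_t`, `ENDPOINT_INIT`, `endpoint_setup()` and `endpoint_free()` are hypothetical stand-ins for the real `mbedtls_test_ssl_endpoint` helpers.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical stand-in for the test endpoint object: two heap buffers
 * that the free routine must release. Not mbedtls_test_ssl_endpoint. */
typedef struct {
    unsigned char *recv_buf;
    unsigned char *send_buf;
    size_t buf_len;
} endpoint_t;

/* Initializer used at the point of declaration, mirroring the
 * "initialize as soon as declared" style adopted in the commit. */
#define ENDPOINT_INIT { NULL, NULL, 0 }

static int endpoint_setup(endpoint_t *ep, size_t len)
{
    ep->recv_buf = calloc(1, len);
    ep->send_buf = calloc(1, len);
    if (ep->recv_buf == NULL || ep->send_buf == NULL) {
        return -1;
    }
    ep->buf_len = len;
    return 0;
}

/* free(NULL) is a no-op, so a zero-initialized endpoint can be passed here
 * whether or not endpoint_setup() ever ran. An uninitialized endpoint
 * (garbage pointers) would be undefined behaviour here. */
static void endpoint_free(endpoint_t *ep)
{
    free(ep->recv_buf);
    free(ep->send_buf);
    memset(ep, 0, sizeof(*ep));
}

/* Simulates a test function with an early-exit path (e.g. a failed
 * psa_crypto_init()) that runs before the endpoint is set up.
 * Returns 1 if the test body completed, 0 if the early failure fired. */
int run_test_case(int early_failure)
{
    int ok = 0;
    endpoint_t ep = ENDPOINT_INIT;  /* initialized before any goto exit */

    if (early_failure) {
        goto exit;  /* before the fix, ep was freed here uninitialized */
    }
    if (endpoint_setup(&ep, 1024) != 0) {
        goto exit;
    }
    ok = 1;

exit:
    endpoint_free(&ep);  /* safe on both paths */
    return ok;
}

int main(void)
{
    return run_test_case(1) == 0 && run_test_case(0) == 1 ? 0 : 1;
}
```

With the initializer at the declaration, the cleanup at `exit:` is unconditional and the same on every path, which is what makes the pattern easy to verify and keeps static analyzers quiet.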
The previous key was not correct so it could not be imported into PSA
for validation inside the PK module.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PK restartable operations are now implemented using PSA interruptible
ones, so mbedtls_ecp_set_max_ops() can be removed in favor of
psa_interruptible_set_max_ops().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
For each function in `x509_oid.c`, determine where it is used and only
include it in the build if it is needed by the X.509 code. Define the
corresponding internal tables only when they are consumed by a function.
This makes Mbed TLS completely independent of the compilation option
`MBEDTLS_OID_C`. This option remains present only in sample configs for
crypto, where it must stay until TF-PSA-Crypto no longer relies on this
option.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some code that parses or writes X.509 needs to know OID values. We provide a
convenient list. Don't remove this list from the public interface of the
library.
For user convenience, expose these values in the same header as before and
with the same name as before: `MBEDTLS_OID_xxx` in `<mbedtls/oid.h>`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.
Public functions in X.509 propagate this error code, so it needs to have a
public name.
Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then
```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was a discrepancy between how `mbedtls_test_ssl_endpoint_init()` and
`mbedtls_test_ssl_perform_handshake()` handled client authentication:
`mbedtls_test_ssl_endpoint_init()` defaulted to
`MBEDTLS_SSL_VERIFY_REQUIRED` on both sides, whereas
`mbedtls_test_ssl_perform_handshake()` obeyed `options->srv_auth_mode` which
defaulted to no verification of the client certificate.
Make this more uniform. Now `mbedtls_test_ssl_endpoint_init()` obeys
`options->srv_auth_mode` on servers (still forcing verification on clients,
which is the library default anyway). Also, `options->srv_auth_mode` is now
enabled by default. Thus:
* Tests that call `mbedtls_test_ssl_perform_handshake()` now perform client
certificate verification, unless they disable it explicitly.
* Tests that call `mbedtls_test_ssl_endpoint_init()` on a server are
unchanged. (They would change if they were setting
`options->srv_auth_mode` explicitly, which previously was ignored, but
no test function did this.)
This means that a few test functions now perform client certificate
verification whereas they previously didn't. This is harmless except in
`handshake_ciphersuite_select`, where one test case
`Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque` fails with
client authentication because the test code doesn't deal with the weirdness
of static ECDH correctly with respect to client authentication. So keep
the previous behavior in `handshake_ciphersuite_select`, by explicitly
turning off client authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The DTLS context and the queues are now conveyed inside the endpoint object.
Remove the unused parameters.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Both PKCS7 and X509 rely on the PK module under the hood and the latter can
use PSA to store keys and perform operations. Therefore psa_crypto_init()
must be called before any operation can be done with PKCS7 and X509.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The commented-out tests cause crashes (in different ways) until the bug
is fixed; the first two tests are passing already and are here mostly to
provide a reference point.
The bug report was using programs/x509/cert_write, but string_to_names()
is what it was really targeting, which is better for automated tests.
The strings used are a minor adaptation of those from the report.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
* public/development: (23 commits)
tests: suite_x509parse: set PSA max operations in x509_verify_restart()
library: debug: remove mbedtls_debug_printf_ecdh()
library: debug: make mbedtls_debug_print_psa_ec() static
Remove call to pk_decrypt() in ssl_server2
Change hardcoded error values in ssl-opt to take in the PSA error alias
Test with GCC 15 with sloppy union initialization
Update crypto with the union initialization fixes
Mark ssl_tls12_preset_suiteb_sig_algs const
Mark ssl_tls12_preset_default_sig_algs const
Use PSA macros for the `pkalgs` domain
reverted compat-2.x.h removal from psa-transition.md
Correct ChangeLog file extension
Add ChangeLog
remove compat-2.x.h
Remove trace of secp224k1
Update submodules
Improve comments
Allow gcc-15 to be in $PATH
Enable drivers when testing with GCC 15
GCC 15: Silence -Wunterminated-string-initialization
...
Set also psa_interruptible_set_max_ops() when mbedtls_ecp_set_max_ops()
is set so that the same amount of operations will be used both if legacy
ECDSA_C or PSA is used under the hood to perform the operation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The OID module is used by both crypto and X.509. It has moved to the
`tf-psa-crypto` subdirectory, and the sibling commit
08d8cc57db removes this subdirectory from the
`mbedtls` repository in order to make `tf-psa-crypto` a submodule. We want
to access the relevant parts directly from X.509 rather than go through the
crypto repository, because OID functions are only accessible as private
interfaces, and crypto doesn't know when a particular OID function is needed
in the build since it depends on X.509 configuration options.
Make a copy of the OID module and its unit tests. In a follow-up, the X.509
module will switch to consuming this copy rather than the one that went into
TF-PSA-Crypto.
Rename the files from `*oid*` to `*x509_oid*` to follow the naming
convention that submodules of X.509 are prefixed with `x509`. This also
avoids file name clashes with TF-PSA-Crypto.
Since OID is not a public interface of Mbed TLS 4.x, move the header file
into `library`.
This commit only makes the files available. Subsequent commits will take
care of making these files used in the build.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Parsing of CRT files whose message hash algorithm differs from the MGF1 one
was allowed in the past, but now it fails. So we need to move/adapt tests
relying on this feature from a "verify" scope to a "parse" one.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>