1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

12188 Commits

Author SHA1 Message Date
3a815cbd2f all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite()
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.

This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-11 11:34:53 +01:00
f9a6893b55 Changelog: Added entry for ssl_session accessors.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-11 10:09:44 +00:00
61532e9a6b test_suite_pk: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-11 09:48:40 +01:00
01ba66d56e pk: replace CRYPTO_CLIENT guards with CRYPTO_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-11 09:48:40 +01:00
a41654d5b1 all.sh: add test component based on full config without PK_[PARSE|WRITE]_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-11 09:48:40 +01:00
452d2d2ccb test_suite_pk: add some initial testing for mbedtls_pk_copy_from_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-11 09:48:40 +01:00
af3e574f5f Merge pull request #8862 from valeriosetti/issue8825
Improve support of mbedtls_psa_get_random in client-only builds
2024-03-10 20:06:27 +00:00
61fd13c6a5 Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size 2024-03-10 18:09:47 +01:00
9422725aba tls13: cli: Discard ticket with zero lifetime
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-10 17:48:26 +01:00
ce79488dd5 tls13: srv: Fail connection if ticket lifetime exceed 7 days
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-10 17:42:43 +01:00
7e1f9f290f Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size
TLS 1.3: Enforce max_early_data_size on server
2024-03-09 00:16:07 +00:00
e1295fabaf tests: ssl: early data: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 17:05:27 +01:00
080a5171e2 Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex
TLS 1.3: SRV: Improve key exchange mode selection
2024-03-08 14:58:36 +00:00
52472104a2 tests: suite: early data: Add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 14:51:20 +01:00
4facb0a9cd tests: ssl: Improve early data test code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 14:51:20 +01:00
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 14:51:20 +01:00
e14770fc42 ssl-opt.sh: Fix early data test option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:57:36 +01:00
1f63fe4d74 tls13: srv: Fix resume flag in case of cancelled PSK
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
cf284565c5 tls13: srv: Determine best key exchange mode for a PSK
Determine best key exchange for for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
12e72f1664 tls13: srv: Always parse the pre-shared key extension
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
139a4185b1 Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration
TLS: check RNG when calling mbedtls_ssl_setup()
2024-03-08 07:38:39 +00:00
4c4f1f1428 Avoid recursion for relative paths
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-07 17:25:52 +00:00
c02c5b1520 Follow-up for less verbose logging
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-07 17:25:52 +00:00
d4c57c0ad2 Merge branch 'development-restricted' into key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 16:47:13 +00:00
63c1cf7eaa Remove MBEDTLS_THREADING_C check in check_test_dependencies
At the moment our tests only check for MBEDTLS_THREADIN_PTHREAD

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:15 +00:00
16d5160504 Allow the use of threading dependancies in PSA tests.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-06 16:46:15 +00:00
b0b3c0d80a Disable MBEDTLS_SELF_TEST in the TSan config
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:08 +00:00
2066d0451f Add test cases for concurrently_generate_keys
For every generate_key test there is now a concurrently_generate_keys test.
8 threads per test, and 5 repetitions.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:00 +00:00
3a1b786d5d Add a concurrent key generation test function
Split into n threads, each thread will repeatedly generate,
exercise and destroy a key.
Then join the threads, and ensure using PSA_DONE that no keys still exist.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:45:36 +00:00
a4866945b8 Fix issue with large allocation in tests
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-06 16:32:25 +00:00
8a2062c538 Merge pull request #8892 from paul-elliott-arm/add_threading_to_drivers
Ensure drivers have threading enabled if required
2024-03-06 14:35:49 +00:00
411cb6c30f test_suite_ssl: Added ssl_session_id_accessors_check.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-06 13:52:03 +00:00
a5175634b0 Merge branch 'development-restricted' into copying-pake
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-06 11:18:28 +00:00
31403a4ca8 Merge pull request #8678 from daverodgman/quietbuild
Make builds less verbose
2024-03-05 18:04:16 +00:00
71cc260563 Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor
2024-03-05 18:04:06 +00:00
3c4166aef3 Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
2024-03-05 16:58:13 +00:00
581e63637a test_suite_x509parse: Added test-case for legacy certificate
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-05 14:39:23 +00:00
053b7886e5 Ensure drivers have threading enabled if required
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-05 14:27:23 +00:00
6caf84f717 Explicitely remove the deprecated driver interface from the TSan config
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-05 14:10:08 +00:00
8462146d01 Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core
Merge psa_core_key_attributes_t back into psa_key_attributes_t
2024-03-05 09:59:24 +00:00
de047b09fe Add docstrings to pacify pylint
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
2aa63ea48c Support Git submodules
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
1c13aa78c2 Framework submodule: fix the libtestdriver1 build
`make -C tests libtestdriver1` copies `library/Makefile` to
`tests/libtestdriver1/library/Makefile`, where `../framework` does not point
to the framework submodule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
716cf2d4e0 Merge branch 'development-restricted' into buffer_protection_for_cipher
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:38:05 +00:00
987cf898db ssl_helpers: Restore rng_seed incrementation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-04 10:24:27 +01:00
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
2024-03-04 08:52:08 +01:00
a83ada4eba tests: Added test for mbedtls_x509_crt_get_ca_istrue()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
e93cd1b580 tests: ssl: Free write/read test buffers
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 19:30:00 +01:00
7c07aab72e tests: write early data: Improve tls13_cli_max_early_data_size
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 19:07:40 +01:00
ae6f9a58a9 tests: write early data: Allocate buffer to write/read
Allocate the buffer to write/read early data. That
way in ASan builds. buffer overwrite/overread can
be detected.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 19:07:34 +01:00