433150e8f2
Rm redundant ECC dependencies in psa_crypto tests
...
Since _DERIVE can't be accelerated now, in
config_adjust_legacy_from_psa.h we will notice and auto-enable ECP_LIGHT
as well as the built-in version of each curve that's supported in this
build. So, we don't need to list those as dependencies here - and they
would cause issues when we add support for _DERIVE drivers.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-11-08 12:30:51 +01:00
59a8b41ca3
Fix incorrect RSA dependencies in psa_crypto tests
...
There's no reason the tests would depend specifically on our built-in
implementation and not work with drivers, so replace the RSA_C
dependency with the correct PSA_WANT dependencies.
Those 6 cases use two different test functions, but both of those
functions only do `psa_import()`, so all that's needed is PUBLIC_KEY or
KEYPAIR_IMPORT (which implies KEYPAIR_BASIC) depending on the kind of
key being tested.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-11-08 12:30:51 +01:00
0d9a3618bd
Rm unneeded dep on PK_PARSE_C in psa crypto tests
...
Most of them were removed in 7162, not sure how these ones slipped in.
There's no reason deterministic ECDSA verification would need PK parse
more than the other tests. The following finds no match:
grep -i pk_parse library/ecdsa.c library/psa_crypto_ecp.c
Even if PK parse was actually needed for this, the right way would be to
auto-enable it based on PSA_WANT symbols, and then only depend on
PSA_WANT symbols here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-11-08 12:30:51 +01:00
65f7653bdd
tls1.3: early data: rephrase ChangeLog
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-08 18:48:33 +08:00
f95b678729
Remove unused *.cocci files
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-11-08 10:08:09 +01:00
c27a4ce3dd
Merge pull request #8429 from gilles-peskine-arm/fix-test_suite_constant_time_hmac-not-executed
...
Fix test suite never executed due to an undefined symbol
2023-11-08 09:05:12 +00:00
2bd56de3f4
ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros
...
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 14:21:19 +08:00
ba6825e37b
ssl: use MBEDTLS_SSL_HAVE_* in tests
...
Done by commands:
```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 14:09:16 +08:00
eb61868878
tls1.3: early data: add ChangeLog entry
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-08 13:46:28 +08:00
65458fa969
ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h
...
Done by commands:
```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 12:16:29 +08:00
829dd2048a
ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c
...
Mainly done by the commands, with some manual adjust.
```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 12:01:26 +08:00
f1b86b088f
ssl: add macro to indicate CBC mode is available
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 11:28:42 +08:00
e870cc8c86
ssl: add macro for available key types
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 11:28:36 +08:00
7b320fa7c9
ssl-opt.sh: fix typo
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-08 10:33:32 +08:00
fe03a4071b
ssl_helper: fix missin initialization of cli_log_obj
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 10:30:48 +08:00
8636d471b3
config-tfm.h: License Change
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-08 10:07:03 +08:00
30769696e7
Merge remote-tracking branch 'origin/development' into adjust_tfm_configs
2023-11-08 10:00:24 +08:00
c55b500343
Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2023-11-07 16:47:37 +01:00
e92f6dcf5c
New test cases requested in https://github.com/Mbed-TLS/mbedtls/pull/8378#discussion_r1383779861
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2023-11-07 15:16:35 +01:00
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
7604915cce
Update Changelog with bugfix entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-07 12:33:17 +00:00
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
...
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
7ef9fd8989
fix various issues
...
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-07 14:31:37 +08:00
2bea94ce2e
check the ticket version unconditional
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-07 14:18:17 +08:00
0751761b49
max_early_data_size: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-07 11:49:34 +08:00
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-07 11:49:24 +08:00
4ebf86e780
tls13-misc: Do not check kex mode for some cases
...
Ephemeral is preferred over pure PSK, the change is
to make CI happy.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-07 10:14:32 +08:00
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
...
This reverts commit dadeb20383pengyu.lv@arm.com >
2023-11-07 09:58:53 +08:00
1f00926142
Change base config to full
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-07 09:55:11 +08:00
a1023e2bd6
programs/test/metatest indirectly includes library/common.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
4bc873f0a1
Add missing program to .gitignore
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
102aea2ba8
Add metatests for mutex usage
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
f0d5cf9a0c
Don't use %llx in printf
...
We still do MinGW builds on our CI whose printf doesn't support it!
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
a1dfa14c06
Fix cast from pointer to integer of different size
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
ee8109541a
Don't cast a function pointer to a data pointer
...
That's nonstandard. Instead, convert to an integer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
6aa9f32124
Use casts when doing nonstandard pointer conversions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
6848d1709b
Run metatests in selected components
...
Run metatests in some components, covering both GCC and Clang, with ASan,
MSan or neither.
Note that this commit does not cover constant-flow testing builds or Valgrind.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
69e8db0366
Strengthen against Clang optimizations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
b0f0a64de0
Metatests for basic Asan and Msan features
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:19 +01:00
f109664448
Script to run all the metatests (with platform filtering)
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:18 +01:00
80ba832be6
Metatests for null pointer dereference
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:09 +01:00
f309fbf0d5
Validate that test_fail causes a test failure
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:09 +01:00
33406b645d
Add a metatest program
...
This program can be used to validate that things that should be detected as
test failures are indeed caught, either by setting the test result to
MBEDTLS_TEST_RESULT_FAILED or by aborting the program.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-06 20:33:09 +01:00
b578514b03
Merge pull request #8470 from gilles-peskine-arm/check-files-license
...
Check copyright statements and SPDX license statements
2023-11-06 17:07:54 +00:00
4b67ac8adf
Merge pull request #8444 from Mbed-TLS/cvv-code-size
...
code size for mbedtls_cipher_validate_values
2023-11-06 12:50:37 +00:00
2ef7c30775
Update BRANCHES
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-06 11:47:15 +00:00
e03270f2e0
Merge pull request #8391 from paul-elliott-arm/full_no_platform
...
Add full_no_platform config preset
2023-11-06 11:35:28 +00:00
964dee6b3f
Merge pull request #8442 from lpy4105/issue/8355/driver-only-cipher_aead-x509
...
X.509: Support driver-only cipher+aead
2023-11-06 09:10:57 +00:00
9e47b268c4
Revert "ssl-opt.sh: Make record_outcome record the ssl-opt.sh file only"
...
This reverts commit cfe68a0cb65eb2b02862jerry.h.yu@arm.com >
2023-11-06 10:53:43 +08:00
50d07bdeec
Add test-suite parameter to filter tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-06 10:49:01 +08:00
