c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064
...
Change accel_aead component to full config
2023-10-18 07:15:59 +00:00
2e37d7b238
Merge pull request #8121 from gilles-peskine-arm/ssl-test-no-legacy
...
Remove GNUTLS_LEGACY and OPENSSL_LEGACY
2023-10-18 07:13:12 +00:00
2f3f968033
fix wrong typo and indent issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-10-18 15:07:10 +08:00
ca3790d653
Add server9-bad-saltlen generate command
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-10-18 15:07:09 +08:00
09977e2307
Add asn1crypto to python maintainer requirements
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-10-18 15:07:09 +08:00
a3d911b0ae
add script for server9_bad_saltlen
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-10-18 15:07:09 +08:00
735794c745
analyze_outcomes: fix missing format for args/kwargs
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-18 08:05:15 +02:00
bbd92917d8
Close file on error path
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-17 18:12:31 +02:00
d681ffdb54
Use modern macros for calloc in test code
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-17 18:12:31 +02:00
bb7d92c4b2
Remove redundant null check
...
crl_file is a test argument and can't be null. Besides the code above
already assumes that it's non-null.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-17 17:26:44 +02:00
21e46b39cc
Fix missing initializations on some error paths
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-17 17:09:28 +02:00
a0e810de4b
Convey that it's ok for mbedtls_ssl_session_save to fail
...
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-17 16:04:27 +02:00
873a202d18
Now handling critical extensions similarly to how its done in x509_get_crt_ext just without the callback function to handle unknown extensions.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2023-10-17 16:02:20 +02:00
9534dfd15b
Reword error message on format of SAN arguments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-17 14:59:31 +01:00
4a493b267f
Reword error message on format of SAN arguments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-17 14:57:23 +01:00
d7a39ae21e
Add plan for 3.6 to threading design
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-10-17 14:34:26 +01:00
574100bb0d
Add clarifications to thread safety design
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-10-17 12:50:28 +01:00
811a954383
Add reentrancy section to thread safety design
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-10-17 12:50:21 +01:00
0ca58e3c10
Added testcase with certificate that contains extensions with critical fields.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2023-10-17 13:12:32 +02:00
781c23416e
analyze_oucomes: do not return Results instance passed as parameter
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 13:07:10 +02:00
9726aea88b
Merge pull request #8376 from mpg/ecp-light-check-config
...
Fix check_config for ECP_LIGHT
2023-10-17 10:54:49 +00:00
8070dbec6b
analyze_outcomes: keep print_line() method non-static
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 12:40:42 +02:00
cc923f307e
Added missing like between variables and function body.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2023-10-17 12:36:56 +02:00
f6f64cfd81
analyze_outcomes: code style improvement
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 12:28:26 +02:00
8d178be66e
analyze_outcomes: fix return value in case of test failure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 12:23:55 +02:00
adb3cc4d43
Fixes #8377 .
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2023-10-17 11:57:10 +02:00
2f00b7a5da
cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 11:43:34 +02:00
9a4273099c
all.sh: fix comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 11:40:42 +02:00
40314fcc75
analyze_outcomes: fix newlines
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 11:34:31 +02:00
f075e47bc1
analyze_outcomes: reset name of TestLog to Results
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 11:33:21 +02:00
3f33989762
analyze_outcomes: use a single TestLog instance and do not delay output
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 11:32:23 +02:00
fb2750e98e
analyze_outcomes: exit immediately in case of invalid task
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 10:57:53 +02:00
745ec5d75e
Fix static initializer warning
...
In a hypothetical build with no curves, or in the future when we add a
new curve type and possibly forget updating this function with a new
block for the new type, we write to `ret` at the beginning or the
function then immediately overwrite it with MPI_CHK(check_privkey),
which static analyzers understandably find questionable.
Use `ret` here and check the key only if it was actually set.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-10-17 10:13:45 +02:00
6d42921633
Require at least on curve for ECP_LIGHT
...
ECP_LIGHT is not usable without any curve, just the same as ECP_C.
We forgot to update this check when introducing the ECP_LIGHT subset.
Note: the message doesn't mention ECP_LIGHT as that's not a public
config knob, hence the message with "ECP_C or a subset" (that's how it's
referred to in user-facing documentation such as
docs/driver-only-builds.md).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-10-17 10:01:33 +02:00
5329ff06b9
analyze_outcomes: print task list directly to stdout
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-17 09:44:36 +02:00
4b6595aa83
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-10-17 11:13:00 +08:00
2fde39a22c
Merge pull request #8283 from daverodgman/more-aes-checks
...
More AES guards testing and some fixes
2023-10-16 18:22:51 +00:00
41bc798d7c
Tidy-up
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-10-16 14:04:21 +01:00
f3803a1f71
Cleanup validation interface
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-10-16 13:47:15 +01:00
9fc1f24331
md: restore md.h includes in source files directly using its elements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 14:39:38 +02:00
b0c618e147
analyze_outcomes: minor improvements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 14:19:49 +02:00
74cb404b0d
ssl: improve ssl_check_key_curve()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 13:40:50 +02:00
f2ea08ae50
Improve test for clang presence
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-10-16 11:37:28 +01:00
aa01ee303a
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-10-16 17:38:32 +08:00
dcee98730b
cipher_wrap: add VIA_LEGACY_OR_USE_PSA to new internal symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 11:35:57 +02:00
596ef6c0b1
cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 11:26:08 +02:00
d35b188a5c
Make component_build_aes_aesce_armcc silent
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-10-16 10:25:30 +01:00
0521633559
cipher: fix guards in mbedtls_cipher_auth_[encrypt/decrypt]_ext()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 11:22:21 +02:00
52e9548c22
Fix check for format supported by PSA
...
For non-Weierstrass curves there's only one format and it's supported.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-10-16 10:27:22 +02:00
f1b7633443
Use clearer function name
...
I went for "may be" as I was thinking just checking the tag technically
does not guarantee that what follows is correct, but I was wrong:
according to ASN.1, when there are variants, the tag does distinguish
unambiguously between variants, so we can be more positive here.
(Whether the thing inside that variant is correct is a different
question.)
As a welcome side effect, this makes the name more standard hence more
readable.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-10-16 10:27:22 +02:00
