2f386c55ff
Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-03-02 13:38:33 +00:00
136d25c416
Explicitly disable all DTLS options in tls13-only.h
...
This makes no difference when starting from the default configuration. It
allows tls13-only.h to be used with other base configurations such as `full`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-03-01 19:49:58 +01:00
7d3186d18a
Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration
...
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200 ).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-03-01 19:47:23 +01:00
f4385faa6f
Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail
...
Interruptible {sign|verify} hash - Call complete() after start() failure.
2023-03-01 17:18:08 +00:00
42585f678b
Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements
...
Interruptible {sign|verify} hash verification test improvements
2023-03-01 15:00:45 +00:00
ebf2e38662
Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing
...
Interruptible sign hash improve num ops testing
2023-03-01 14:59:44 +00:00
de7c31e082
Improve comment wording
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-03-01 14:43:52 +00:00
f5dcb8886a
Rework pake input getters tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-03-01 12:28:21 +01:00
1eae11565d
Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests
...
Replace fuzzer-generated PKCS #7 memory management tests
2023-03-01 10:46:22 +01:00
c6298ad46a
Use parentheses to avoid executing the output
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-03-01 10:31:29 +08:00
c2b1864ceb
Revert "Check if the license server is available for armcc"
...
This reverts commit 55c4fa4f41pengyu.lv@arm.com >
2023-03-01 10:25:08 +08:00
7c17308253
Add num_ops tests to sign and verify interruptible hash
...
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-28 17:23:29 +00:00
8359c14c14
Add hash corruption test to interruptible verify test
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-28 17:23:29 +00:00
c1e0400bac
Add test to check not calling get_num_ops()
...
Make sure that not calling get_num_ops() inbetweeen calls to complete() does
not mean that ops get lost (Regression test for previous fix).
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-28 17:20:14 +00:00
9e8819f356
Move 'change max_ops' test into ops tests
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-28 17:20:14 +00:00
5770224ef3
Rename max ops tests to ops tests
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-28 17:20:14 +00:00
7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite
...
Remove pkwrite dependency in pk using PSA for ECDSA
2023-02-28 18:17:16 +01:00
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension
...
Add AES with armv8 crypto extension
2023-02-28 18:16:37 +01:00
587e780812
Test calling complete() after {sign|verify}_hash_start fails
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-28 17:13:39 +00:00
e4616830b3
Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail
...
compat.sh: Skip static ECDH cases if unsupported in openssl
2023-02-28 18:11:39 +01:00
17152df58d
Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments
...
Interruptible sign hash test comments
2023-02-28 17:09:43 +00:00
ebb63420cc
Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only
...
Fix test to check output length on PSA_SUCCESS only
2023-02-28 18:09:33 +01:00
35d674a6ee
Replace usage of echo -e in pkcs7 data Makefile
...
This use of the shell builtin is not portable.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2023-02-28 17:01:21 +01:00
ffb4dc38c8
Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0
...
Interruptible {sign|verify} hash : Change max_ops=min tests to use a value of zero.
2023-02-28 15:56:01 +00:00
4a2fff6369
Fix expected error code
...
This was overlooked during the rebase.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2023-02-28 16:40:27 +01:00
804cfd32ea
Follow the naming convention
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2023-02-27 16:50:09 +01:00
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name
...
Add parsing of x509 RFC822 name + test
2023-02-27 14:16:13 +00:00
cd7e8bce03
Change max_ops=min tests to use zero
...
Zero is the minimum value defined by the spec, just because the internal
implementation treats zero and one as the same thing does not mean that other
implementations will also do so.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-27 12:21:36 +00:00
5819d2c141
Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check
...
escalates into a buffer overflow in the application code
Signed-off-by: Stephan Koch <koch@oberon.ch >
2023-02-27 11:49:13 +01:00
10c0f770ce
asymmetric_encrypt: check output length only if return code is PSA_SUCCESS.
...
Signed-off-by: Stephan Koch <koch@oberon.ch >
2023-02-27 11:48:51 +01:00
c2033502f5
Give edge case tests a better name
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-26 18:47:58 +00:00
c7f6882995
Add comments to each test case to show intent
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-26 18:47:58 +00:00
21dfce7a5c
Add tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-02-25 17:10:38 +00:00
a4e8fb0041
Add tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-02-24 15:57:30 +00:00
248971348b
Replace fuzzer-generated PKCS7 regression tests
...
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:
290f01b3f5e7f8c616d0f7641544eabence.szepkuti@arm.com >
2023-02-24 15:31:03 +01:00
7dc4130210
Improve GnuTLS client priority for resumption basic check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-02-24 12:10:09 +01:00
55c4fa4f41
Check if the license server is available for armcc
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-02-24 18:31:50 +08:00
6f2d1f419a
Further pake tests optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-24 10:22:47 +01:00
df07003c49
all.sh: add support function for build_armcc
...
With this change, "--list-components" will not list
"build_armcc" on the system which is not installed
with Arm Compilers.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-02-24 16:03:31 +08:00
51b5f00a43
all.sh: Skip build_mingw correctly
...
If i686-w64-mingw32-gcc is not installed, then
build_mingw should be unsupported.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-02-24 15:38:52 +08:00
623c73b46d
Remove config.py call on now-internal option
...
It turns out config.py wouldn't complain, but it's still confusing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-02-23 20:36:05 +01:00
083745e097
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-23 17:28:23 +01:00
df6e84a447
Test the PSA alternative header configuration macros
...
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-02-23 17:18:33 +01:00
bdc21e623e
Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-23 17:12:19 +01:00
1af76d119d
ssl-opt: automatically detect requirements from the specified certificates
...
This moslty focus on tests using "server5*" cerificate. Several cases
are taken into account depending on:
- TLS version (1.2 or 1.3)
- server or client roles
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-02-23 16:55:59 +01:00
3f2309fea6
ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-02-23 13:47:30 +01:00
0d4152186d
Make MBEDTLS_MD_LIGHT private for now.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-02-23 13:02:13 +01:00
1aa6e8d6e9
Restore same PSK length enforcement
...
Restore same PSK length enforcement in
conf_psk and set_hs_psk, whether the
negotiated protocol is TLS 1.2 or TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-02-23 09:48:50 +01:00
d1f991c879
ssl-opt: fix required configs in ECDSA related tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-02-23 09:31:41 +01:00
9e7bb2a92c
Update some comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-02-23 16:03:56 +08:00
