49c20954e4
Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog
...
Add changelog entry for session copy bugfix
2021-12-09 09:21:28 +01:00
3938fef25c
Indicate set nonce negative test failure reasons
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-08 20:09:09 +00:00
cfe74a37b9
mbedtls_ssl_handshake_params: move ecrs_ctx back further
...
"mbedtls_ssl_handshake_params: reorder fields to save code size" moved this
field earlier along with byte-sized fields that should be in the 128-element
access window on Arm Thumb. This took away precious room in the 128-byte
window. Move it back further out.
Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2860 -> 2816 (diff: 44)
library/ssl_msg.o: 3080 -> 3076 (diff: 4)
library/ssl_srv.o: 3340 -> 3300 (diff: 40)
library/ssl_tls.o: 6546 -> 6478 (diff: 68)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:38:51 +01:00
b3ec69dba5
mbedtls_ssl_config: better document former bit-fields
...
Ensure that the documentation of fields affected by
"mbedtls_ssl_config: Replace bit-fields by separate bytes"
conveys information that may have been lost by removing the exact size of
the type. Extend the preexisting pattern "do this?" for formerly 1-bit
boolean fields. Indicate the possible values for non-boolean fields.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:32:12 +01:00
41139a2541
mbedtls_ssl_handshake_params: move group_list earlier to save code size
...
Placing group_list earlier seems to help significantly, not just as a matter
of placing it in the 128-element (512-byte) access window.
Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19559 -> 19551 (diff: 8)
library/ssl_msg.o: 24690 -> 24674 (diff: 16)
library/ssl_srv.o: 20418 -> 20406 (diff: 12)
library/ssl_tls.o: 20555 -> 20519 (diff: 36)
library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4)
library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4)
Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2864 -> 2860 (diff: 4)
library/ssl_tls.o: 6566 -> 6546 (diff: 20)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:26:55 +01:00
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases
...
TLS1.3 MVP: Add tls13 compat, not supported version, certificaterequest and HRR tests
2021-12-08 14:56:39 +01:00
e217edf49c
Add changelog entry for session copy bugfix
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:32:59 +00:00
5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce
...
psa: aead: Fix invalid output buffer usage in generate_nonce()
2021-12-08 13:30:21 +01:00
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv
...
Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:06 +01:00
2869c67d63
Make CMakeLists.txt discover if mbed TLS is being built as subproject
...
The main CMakeLists.txt is capable of detecting if it's being built as
a subproject (i.e. through add_subdirectory()) hence allowing to
disable the package configuration, target export and installation
that generally are not required when mbed TLS is being built as
part of another project.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2021-12-07 21:09:22 +00:00
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
...
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
45b91c93f1
Merge pull request #5269 from daverodgman/fix-builds-with-only-mbedtls_bignum_c-defined-development
...
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
2021-12-07 12:38:06 +01:00
d7c091060f
Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision
...
TLS1.3: Edit docs to explain not changing curve order.
2021-12-07 11:01:04 +00:00
0b4d12313a
Remove assertion on local nonce buffer size
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 10:45:00 +01:00
27d47713c9
tests: psa: Remove MD2, MD4 and ARC4 related code
...
MD2, MD4 and ARC4 are not supported anymore in
3.x.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:54:36 +01:00
0118627013
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:28:36 +01:00
a393619dc2
Change test on local nonce buffer size to an assertion
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:25:20 +01:00
6fd156aa6b
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:21:38 +01:00
aa1e9857a5
Add changelog entry for build error fixes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-06 20:58:47 +01:00
3d5dfa598b
Reword documentation of CMAC operations
...
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-06 18:58:02 +00:00
351c71b7f2
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
...
Fixes #4929
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-06 17:50:53 +00:00
52a6e7ea00
Replace tls1_3 with tls13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:42:47 +08:00
2c315a8591
remove unused function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
c502dff71c
fix TLS1.3 name issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
7918efe99a
Refactor to avoid duplicate add_*
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
882c30da17
Merge CAFILE and Certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
b4ac8f3c04
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
dda036d8e0
rename ecdsa_secp*sha* to ecdsa_secp*
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
7f5e5adfa3
fix pylint fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
55ee769b51
Fix out-of-source build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
f17a60f147
Add opt-testcases into check list
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
cdcb683568
Update generate scripts and tls13 test cases
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
31018adb81
Add tls13 compat tests with bash scripts
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
c4aa1520a2
tls13_compat_tests:Add generate all option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
d64e20de7f
fix wrong typo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
26fa7dcc4a
Remove rsa_pss_rsae_sha256 test from ssl-opt.sh
...
It has been covered by tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
29deed4ddb
Add rsa_pss_rsae_sha256 into tls13 compat tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
305bfc3dfd
Add tls13 compat tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
0f99af8c19
Add keys for tls13 compat tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
8c5559d700
Add HelloRetryRequest tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
936dffd77e
Add certificate request check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
6eaa41c15e
Fix overflow error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
8f9d7dbfd0
Add unsupported version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:29 +08:00
8c8cea25c7
Merge pull request #5166 from xffbai/code-align
...
Align the TLS 1.3 code with coding rules
2021-12-06 10:54:00 +01:00
f467d6306c
psa: Fix obsolete code guard
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
fd25ddbf58
psa: Fix and improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
3a8714d5d4
all.sh: psa: Add cipher acceleration test component
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
b231245ea8
all.sh: psa: Add hash acceleration test component
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
c9586dbbcf
tests: psa: Add dependencies on built-in hash
...
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
4c0ec7651b
tests: psa: Refine choice of default hash algorithm for signature
...
As PSA signatures rely on built-in hash implementations
(cannot take advantage of an accelerator for the
time being), choose an available built-in hash for
tests exercising a signature key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00