mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-22 00:40:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,103 Commits 172 Branches 263 Tags
Commit Graph

10923 Commits

Author SHA1 Message Date
Ronald Cron
47d4a52483 ssl-opt.sh: Remove m->O early data test based on external PSK 
Eventually we do not support early data with
external PSK thus no point to do a positive
test on that basis.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
05210086c0 ssl-opt.sh: Expand m->G resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c893779bb5 ssl-opt.sh: Remove redundant early data test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c8d604d0a1 ssl-opt.sh: Group TLS 1.3 resumption and early data m->G tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
f1ad73f6ca ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:05 +01:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352
Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00
Manuel Pégourié-Gonnard
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py 
Fix wrong suite name in check_test_cases.py
 2024-03-14 15:31:27 +00:00
Manuel Pégourié-Gonnard
93071cfeec
Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
BensonLiou
719c2ed9cb Bugfix 
* In TLS 1.3 clients, fix an interoperability problem due to the client
     generating a new random after a HelloRetryRequest. Fixes #8669.

Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 11:47:38 +08:00
BensonLiou
3720809d19
Merge branch 'development' into random_bye_on_hrr 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 11:44:21 +08:00
BensonLiou
368debd384 Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr 2024-03-14 11:42:25 +08:00
Dave Rodgman
775c7768ee
Merge pull request #8877 from gilles-peskine-arm/split-minimal-3.6 
Create a minimal framework submodule
 2024-03-13 14:30:09 +00:00
BensonLiou
bedd2519e6 fix code style 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-13 20:31:24 +08:00
Ronald Cron
40043d03a5
Merge pull request #8884 from ronald-cron-arm/improve-early-data-status 
TLS 1.3: CLI: Split early data user status and internal state
 2024-03-13 11:59:49 +00:00
Dave Rodgman
60c2f47f98
Merge pull request #8888 from minosgalanakis/features/add_ssl_session_accessor_8529 
[MBEDTLS_PRIVATE] Add accessor for session and ciphersuite_id
 2024-03-13 10:02:15 +00:00
Paul Elliott
4de4cc4a29
Merge pull request #8891 from Ryan-Everett-arm/document-SE_C-not-threadsafe 
Officially document non thread-safety of MBEDTLS_PSA_CRYPTO_SE_C
 2024-03-13 09:42:49 +00:00
Valerio Setti
13beaa2e60 psa_crypto_stubs: extend stub functions for the CRYPTO_CLIENT tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
63097759f8 all.sh: modify/add test components for CRYPTO_CLIENT 
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.

- Both of them check that the missing symbols at link time (if any)
  belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
  then runs test suites.
- The latter only perform the builds using the full config and then
  it checks that PK-PSA bridge functions are present.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Manuel Pégourié-Gonnard
3b20bda352
Merge pull request #8899 from gilles-peskine-arm/pk_copy_public_from_psa 
New function mbedtls_pk_copy_public_from_psa
 2024-03-13 06:56:17 +00:00
Gilles Peskine
68f46414cb
Merge pull request #8894 from daverodgman/quietbuild2 
Follow-up non-verbose logs
 2024-03-13 00:50:42 +00:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Dave Rodgman
235799bc23 Simplify locating original tool 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:33:09 +00:00
Dave Rodgman
294a3c2ccb Remove unnecessary use of export 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:32:36 +00:00
Ronald Cron
ec4ed8eae4
Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on client
 2024-03-12 13:31:20 +00:00
Dave Rodgman
a7f3c4e1d0
Merge pull request #8822 from daverodgman/sha3-perf 
SHA-3 performance & code size
 2024-03-12 13:14:40 +00:00
Valerio Setti
6fbde6e242 test_suite_pk: revert erroneous missing initialization of PSA key IDs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 11:00:39 +01:00
Valerio Setti
8b3c6fffa7 test_suite_pk: add comment for pk_copy_from_psa_builtin_fail 
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 06:05:03 +01:00
Janos Follath
43edc75e31
Merge pull request #8882 from Ryan-Everett-arm/threading-key-tests 
Test multi-threaded key generation
 2024-03-11 15:07:48 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Valerio Setti
e095a67bb2 pk: improve mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
6f5f9f5ce8 test_suite_pk: fix some comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
ab7ddbc812 test_suite_pk: when ANY_HASH is used then pick any available MD alg in the build 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3433f832fb test_suite_pk: improve PSA alg selection in pk_copy_from_psa_success() 
Use the same hashing algorithm as md_for_test.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
039bbbac33 test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
4114a54403 test_suite_pk: add description for psa_pub_key_from_priv() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
42a58a5249 test_suite_pk: minor fixes for test failures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e700d8086e rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context 
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
f22eff99a6 test_suite_pk: add new test case for an algorithm only avaible in driver 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00