In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into
`badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it
was in Mbed TLS 3.6.0 through 3.6.2.
The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only
used for DTLS (despite being present in non-DTLS builds), and the field
`in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can
be stored in the same field.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen`
from `size_t` to `unsigned`. This is in preparation for merging
`in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type
`unsigned` and cannot change since we do not want to change the ABI.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Prepare to unify two fields of the `mbedtls_ssl_context` structure:
`badmac_seen` (always present but only used in DTLS) and
`in_hsfraglen` (always present but only used in non-DTLS TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it.
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
The following files are moved to the framework repo (deleted here):
tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is the backport of commit b8ef2a4455 from the "development" branch
which adapts handshake_fragmentation() to use ECDHE-RSA instead of
DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch,
here tests are added instead of replaced.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PR #9916 adapt some DHE-RSA tests to use ECDHE-RSA instead. However,
since DHE-RSA is not deprecated in mbedtls-3.6 branch, this commit adds
these new tests alongside DHE-RSA ones intead of replacing them in order
to increase test coverage.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
We should not manually set the TLS version, the tests are supposed to
pass in 1.3-only builds as well. Instead do the normal thing of setting
defaults. This doesn't interfere with the rest of the testing, so I'm
not sure why we were not doing it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The following files are moved to the framework repo (deleted here):
tests/scripts/pkgconfig.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This call into the "old" script that has been moved to the framework
repository. The *.requirements.txt files are kept on this repo though.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The following files are moved to the framework repo (deleted here):
scripts/min_requirements.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Detect attempts to do ECDSA with a Montgomery curve in psa_sign_hash_start()
and psa_verify_hash_start(), whereas before start() would succeed and
complete() would fail. This avoids an inconsistency between psa_sign_hash()
and psa_sign_hash_start() that would be annoying to handle in
test_suite_psa_crypto_op_fail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The following files are moved to the framework repo (deleted here):
tests/scripts/check_names.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
