mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-21 15:41:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,877 Commits 173 Branches 263 Tags
Commit Graph

30877 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Valerio Setti
cca2d437d2 test_suite_pk: use look-up table instead of file for the predefined keys 
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Valerio Setti
5ec934119d test_suite_pk: remove PSA_WANT_KEY_TYPE_[ECC/RSA]_KEY_PAIR_GENERATE dependencies 
EC and RSA keys are now loaded from a file so there is no need
to generate them at runtime.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Valerio Setti
cdb5a7d4f4 test_suite_pk: modify pk_psa_genkey() in order to use predefined keys 
Use predefined keys instead of generating them at runtime as already
done for pk_genkey().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Valerio Setti
8bfa7fd930 test_suite_pk: use a single helper function to generate PSA keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Valerio Setti
dfc1915d39 test_suite_pk: modify pk_genkey() in order to use predefined keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Valerio Setti
8b3a272f93 test-data: add predefined RSA and EC keys 
Automatically generated with the following bash script:

```
LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1
    brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448"

for item in $LIST; do
    ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der
done

LIST="1024 1026 1028 1030 2048 4096"

for item in $LIST; do
    ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der
done
```

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Manuel Pégourié-Gonnard
c50bf9549b
Merge pull request #9028 from ronald-cron-arm/openssl3-3.6 
Backport 3.6: Use latest installed OpenSSL 3 as OPENSSL_NEXT
 2024-04-15 08:32:48 +00:00
Ronald Cron
cfb9f4d7b2 ssl-opt.sh: Fix some test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:23 +02:00
Ronald Cron
561181c235 Use latest installed OpenSSL 3 as OPENSSL_NEXT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:23 +02:00
Ronald Cron
b3cdd4b60f ssl-opt.sh: Adapt tests to OpenSSL 3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:23 +02:00
Ronald Cron
0e711e1ac0 Add RSA key certificates 
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:22 +02:00
Manuel Pégourié-Gonnard
48395bc88c compat.sh: properly skip unsupported DTLS 1.2 
Skipping DTLS 1.2 with old versions was already done, but now properly
test support only once and use the results.

Note that historically, this script's policy was that it's the user's
job to find the right value of -e (EXCLUDE) for their version for
OpenSSL & config. Now it's a weird mix of that and the script doing some
detection and skipping.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-11 10:21:43 +02:00
Manuel Pégourié-Gonnard
848825436d compat.sh: properly report skipped tests 
Don't just silently continue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-11 09:56:24 +02:00
Gilles Peskine
974006b00d
Merge pull request #9000 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro-3.6 
Backport 3.6: Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:51 +00:00
Gilles Peskine
79d25877ff
Merge pull request #9009 from mpg/fix-wrong-dep-test-case-3.6 
[Backport 3.6]   Fix wrong dependencies in test cases + follow-up
 2024-04-09 11:34:10 +00:00
Manuel Pégourié-Gonnard
f05f7066a1
Merge pull request #9014 from ronald-cron-arm/nofa_no_session_tickets-3.6 
[Backport 3.6] Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:28 +00:00
Ronald Cron
05c1ba22f0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
8d63084bd1 tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
fccfa69de8 tls13: Fix doc of mbedtls_ssl_session_set() - 2 
Fix documentation of mbedtls_ssl_session_set()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
7fb4343ee9 tls13: Fix doc of mbedtls_ssl_session_set() - 1 
It was eventually decided to not support multiple
tickets in TLS 1.3 ClientHello messages thus
removing the parts in mbedtls_ssl_session_set()
documentation that were anticipating that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
e221f67f15 tls13: Fix doc of mbedtls_ssl_session_get() - 2 
Fix documentation of mbedtls_ssl_session_get()
regarding its interaction with session
ticket enablement.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
de4183f580 tls13: Fix doc of mbedtls_ssl_session_get() - 1 
The API has eventually not been changed to
return multiple tickets through multiple
subsequent call to it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
48e29a1271 tls: Fix doc of mbedtls_ssl_session_save() 
Fix documentation of mbedtls_ssl_session_save()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 session case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
698c8e902e ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
6a8e4eb8d1 all.sh: Use full instead of default as the base for the new component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
f02af2d1c5 tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
54a9b11bb5 ssl-opt.sh: Add tests where tickets are ignored 
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
6071f611f6 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
c93fc86517 ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
06d9934b85 all.sh: Add component testing default minus session tickets 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
094f55333d tests: ssl: Fix dependencies of TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
346b81877d tests: ssl: Add hostname checks in session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
1fb585492d tests: ssl: Remove redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
819636994e tests: ssl: Fix session field guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
93b2c32ece Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
ba1de9fa4e Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
b6ff6101d9 Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
5e297b984d tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
da0d169fae Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Bence Szépkúti
4ee6ddca86
Merge pull request #9004 from valeriosetti/issue8903-backport 
[Backport 3.6] Test gap: mbedtls_pk_check_pair with MBEDTLS_PK_OPAQUE
 2024-04-04 13:44:31 +00:00
Bence Szépkúti
ec17c1c1ab
Merge pull request #9005 from valeriosetti/issue8712-backport 
[Backport 3.6] Clarify the documentation of mbedtls_pk_setup_opaque
 2024-04-04 13:41:15 +00:00
Manuel Pégourié-Gonnard
87747c7a82 Fix closing comment to match opening guard 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 12:57:07 +02:00
Manuel Pégourié-Gonnard
5aa6a64b17 Fix style of preprocessor expression 
We use logical '&&' everywhere, let's be consistent.

(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
3bb89dc935 Fix failures in psa_cryto_driver_wrappers suite 
- "in-driver" test should depend on the present
  of a driver.
- add new counter in key manangement driver test
  hook which counts the calls of generate_key.
- We only care about the hits when processing
  `psa_generate_key`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
a44cab020e Add missing dependency of fallback test in driver wrappers suite 
To pass a fallback test, we need a dependency on built-in
implementation.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
b13c218b10 Add missing definition of AT_LEAST_ONE_BUILTIN_KDF 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:05 +02:00
Pengyu Lv
64b6e4dece Fix wrong dependency in psa_crypto_driver_wrappers suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
a9d3eaf4bb Fix wrong dependency in psa_crypto_pake suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
f3abbfe735 Fix typo in ssl test suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
0dfb5bbb31 Correct dependancy on MBEDTLS_X509_INFO for x509parse 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00