Gilles Peskine
ce8ccaf55b
Docker: Python requirements are now managed in-tree
...
Neither mbed-host-tests nor mock are currently used.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:58 +01:00
Gilles Peskine
e4d142f1e7
Script to install minimum versions of the requirements
...
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:58 +01:00
Gilles Peskine
12fe74e360
Declare which Python packages we use
...
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.
This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:20 +01:00
Gilles Peskine
dbfc6510b0
Merge pull request #5232 from gilles-peskine-arm/dlopen-test-2.x
...
Dlopen test 2.x
2021-11-25 22:03:36 +01:00
Gilles Peskine
005887dcfd
Merge pull request #5231 from ronald-cron-arm/psa-opaque-key-checks-2.x
...
Backport 2.x: PSA opaque key checks
2021-11-25 22:03:13 +01:00
Gilles Peskine
3f5c2232f0
Merge pull request #5235 from paul-elliott-arm/fix_test_suite_ssl_2.x
...
Backport 2.x: Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:46 +01:00
Paul Elliott
14148c4fbe
Fix Changelog
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:30 +00:00
Paul Elliott
954578644f
Fix compilation errors.
...
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:23 +00:00
Gilles Peskine
6fa5c1d20c
Use the normal idiom to support MBEDTLS_CONFIG_FILE
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:12:44 +01:00
Gilles Peskine
8e8e96500a
Fix dynamic library extension on macOS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
eea9c74d81
More explicit output for the test program
...
Without that, the logs were a bit hard to understand if you didn't know what
to expect.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
3dbb3e7e07
Avoid undefined variable warning without MBEDTLS_MD_C
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
99d8486f8e
Use CMake's knowledge of what system library has dlopen()
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
507c787b44
Don't build dlopen when building for Windows
...
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
71fcb3c994
Only link with libdl on Linux
...
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Gilles Peskine
27482f17f1
Run the dlopen test in shared library builds
...
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126 :
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Gilles Peskine
e94335399f
New test app for dynamic loading of libmbed* with dlopen
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Ronald Cron
f8f425d95d
psa: Remove psa_key_slot_is_external()
...
Remove psa_key_slot_is_external() that is not used anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Ronald Cron
41e8006fa2
psa: Remove buggy report of RSA public exponent for opaque keys
...
The report of RSA public exponent for opaque keys is not
supported. Do not attempt to compute the RSA public
exponent of an RSA opaque key associated to a driver
implementing the new driver interface when
MBEDTLS_PSA_CRYPTO_SE_C is disabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Ronald Cron
0518f61e1a
psa: Fix slot number key attribute
...
Slot number key attribute is specific of dynamically
registered drivers and should thus not be computed/
returned in case of keys associated to drivers
implementing the new unified driver interface.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Ronald Cron
8a0466a052
Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose
...
Clarify the purpose of
psa_get_and_lock_transparent_key_slot_with_policy() and
define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled
for the purpose of static drivers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Gilles Peskine
c668de6f7f
Merge pull request #5200 from AndrzejKurek/fix-getting-started-2_x
...
Backport 2.x: Fix duplicate variable name in getting_started.md
2021-11-24 20:51:03 +01:00
Gilles Peskine
3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
...
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Gilles Peskine
989a4e9388
Merge pull request #5132 from openluopworld/origin/development_2.x
...
Backport 2.x: Fix GCM calculation with very long IV
2021-11-22 22:22:47 +01:00
Gilles Peskine
b80aa7c609
Merge pull request #5214 from tom-cosgrove-arm/pr5105_2.x
...
Backport 2.x: doc improvements in aes and sha256 includes
2021-11-22 22:21:56 +01:00
Tom Cosgrove
8100bf5d67
further improvements to sha256 docs
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:35:58 +00:00
Tom Cosgrove
bcd2f67624
doc improvements in aes and sha256 includes
...
- Add return value description to the docs of mbedtls_sha256
- Remove description of non-existing "mode" parameter from the docs of mbedtls_aes_crypt_ctr
Backport of #5105
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:02:29 +00:00
Andrzej Kurek
f236bbb735
Fix duplicate variable name in getting_started.md
...
Rename the key id variables to not clash with the raw key data.
This was introduced in cf56a0a3
.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-19 13:50:35 +01:00
Manuel Pégourié-Gonnard
1d7f7a7c6e
Merge pull request #5194 from bensze01/invalid_nonce_error_2.x
...
Backport 2.x: PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
2021-11-18 09:41:15 +01:00
Gilles Peskine
90321622e6
Merge pull request #5196 from bensze01/test_psa_compliance_2.x
...
Backport 2.x: Remove superfluous expected failure from test_psa_compliance
2021-11-17 17:14:22 +01:00
Bence Szépkúti
2be65d5134
Remove expected failure from test_psa_compliance
...
Issue #5143 was fixed in PR #5192 .
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:47:56 +01:00
Manuel Pégourié-Gonnard
394c65e0f0
Merge pull request #5169 from bensze01/test_psa_compliance_2.x
...
Backport 2.x: Run the PSA Compliance test suite in all.sh
2021-11-17 14:10:05 +01:00
Bence Szépkúti
358e0ea464
Indicate nonce sizes invalid for ChaCha20-Poly1305
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:03:08 +01:00
Manuel Pégourié-Gonnard
1a3201a7b9
Merge pull request #5192 from daverodgman/development_2.x
...
Backport 2.x: PSA error code fix
2021-11-17 13:09:43 +01:00
paul-elliott-arm
0372792415
Merge pull request #5165 from mprse/aps_mem_leak_2x
...
(Backport 2x) ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:39 +00:00
Dave Rodgman
dc4e4b72c0
Fix derive_input test ignoring parameter
...
Fix derive_input test hardcoding key type instead of using test argument.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:52 +00:00
Dave Rodgman
bc92abed8c
Update test to handle changed error code
...
Update test to handle changed error code from psa_key_derivation_output_key
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:51 +00:00
Dave Rodgman
021e724936
Improve PSA error return code
...
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED
If psa_key_derivation_output_key() is called on an operation which hasn't been
set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return
PSA_ERROR_NOT_PERMITTED if the operation state is ok for
psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not
ok to output a key.
Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED
only when psa_key_derivation_output_bytes() is possible, but this is clumsier
to implement.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:48 +00:00
Gabor Mezei
2dcccbfc19
Fix function name in debug message
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-16 13:34:05 +01:00
Przemyslaw Stekiel
a226ac9738
ssl_client2/ssl_server2: Rework ordering of cleanup
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
e9dea7c3b0
ssl_client2: move memory leak check before rng_free()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
b66bc0ad4a
Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
d6e0a5824a
ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free())
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
7c7fb877c6
ssl_client2, ssl_server2: add check for psa memory leaks
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Bence Szépkúti
c1e79fd2e3
Enable CMAC for PSA crypto compliance tests
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 20:47:32 +01:00
Bence Szépkúti
24ec529f82
Multipart AEAD is not supported in Mbed TLS 2.x
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 20:47:29 +01:00
Bence Szépkúti
e30fcb6ed5
Remove superfluous expected failures from list
...
Issue #5144 doesn't affect development_2.x
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 16:24:19 +01:00
Gabor Mezei
b9e1f2a3cf
Update generated files
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 15:42:41 +01:00
Gabor Mezei
84d739846c
Update changelog with the new public API
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
Gabor Mezei
dbe0f892b3
Fix documentation and comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00