This is officially a 1.2-only ciphersuite, but we also support it with
1.0 and 1.1. However we don't support it with SSLv3 (see definition in
ssl_ciphersuites.c: mininum minor version is 1, that is TLS 1.0).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
No sure if it'd possible to build a version of OpenSSL that supports
both by tuning the config, but pretty sure improving testing for
single-DES ciphersuites is not the best use of our time in 2024.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The main fix here is that m->O and m->G should use `M_CIPHERS`. In order
to apply that though, we need to change the structure with a new for
loop and case statement. The new structure matches what's done when
actually running tests.
Note: this issue only exists in 2.28. In 3.x we now use the standard
name for display everywhere, but in 2.28 we use the name as seen by the
client for display.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
We always want to call 'filter' regardless of the values of FILTER
and EXCLUDE because it also performs standard-defined filtering like
removing RC4 ciphersuites with DTLS.
(AFAICS, not calling 'filter' when we thought it was not needed was
just a performance optimisation.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The guards for the declaration and use were not consistent. This could
be resolved either way; I chose the way that matches development.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
A previous commit backported the declaration of this field as part of
conflict resolution in the hope of preventing further conflicts in the
future. But if we backport it we should do it properly. This commit
finishes the job.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- MBEDTS_X509_INFO is incorrect in all branches: the macro is called
REMOVE_INFO and also starts with MBEDTLS not MBEDTS... this caused the
test to be always skipped.
- !MBEDTLS_X509_REMOVE_INFO is the correct way to express this but info
functions are not optional in the 2.28 branch. Since this is a negative
dependency, I don't think it was causing the test to be skipped, but I'm
removing it anyway for clarity's sake.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
TLS-RSA-WITH-NULL-SHA256 is officially a cipher suite only since TLS 1.2,
but Mbed TLS allows it in 1.0/1.1, and so did ancient versions of GnuTLS.
This script was only considering it for GnuTLS interoperability if the
running version of GnuTLS supported it with older protocol versions.
Change to always considering it, and in particular always including it with
--list-test-cases, but skipping it at runtime if GnuTLS doesn't support it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change to excluding mbedtls_psa_inject_entropy() (not a PSA function)
rather than explicitly including every PSA function.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This check is intended to ensure that we do not write intermediate
results to the shared output buffer. This check will be made obselete
by generic memory-poisoning-based testing for all functions.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
