Merge pull request #5806 from josesimoes/fix-3031
Remove prompt to exit in all programs
diff --git a/.travis.yml b/.travis.yml
index 7b72515..67cb3ca 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -65,7 +65,7 @@
- gnutls-bin
coverity_scan:
project:
- name: "Mbed-TLS/mbedtls"
+ name: "ARMmbed/mbedtls"
notification_email: support-mbedtls@arm.com
build_command_prepend:
build_command: make
diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md
index 0e25466..bcf12c0 100644
--- a/3rdparty/everest/README.md
+++ b/3rdparty/everest/README.md
@@ -2,4 +2,4 @@
This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
-The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
+The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0fccd3d..7550f45 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,7 +6,7 @@
# command but rather at the target level using the
# target_include_directories command. That way, it is easier to guarantee
# that targets are built using the proper list of include directories.
-# + Use the PUBLIC and PRIVATE keywords to specifiy the scope of include
+# + Use the PUBLIC and PRIVATE keywords to specify the scope of include
# directories. That way, a target linking to a library (using the
# target_link_librairies command) inherits from the library PUBLIC include
# directories and not from the PRIVATE ones.
diff --git a/SECURITY.md b/SECURITY.md
index bd18f6c..26b77ab 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,7 +6,7 @@
## Security Incident Handling Process
-Our security process is detailled in our
+Our security process is detailed in our
[security
center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 68ccf10..35622fc 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -104,7 +104,7 @@
/*
* Save RAM at the expense of interoperability: do this only if you control
- * both ends of the connection! (See coments in "mbedtls/ssl.h".)
+ * both ends of the connection! (See comments in "mbedtls/ssl.h".)
* The minimum size here depends on the certificate chain used as well as the
* typical size of records.
*/
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index 31adec3..f5b5700 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -84,7 +84,7 @@
- most commonly MGF1, which in turn is parametrized by a hash algorithm
- a salt length
- a trailer field - the value is fixed to 0xBC by PKCS#1 v2.1, but was left
- configurable in the original scheme; 0xBC is used everywhere in pratice.
+ configurable in the original scheme; 0xBC is used everywhere in practice.
Both the existing `mbedtls_` API and the PSA API support only MGF1 as the
generation function (and only 0xBC as the trailer field), but there are
@@ -317,7 +317,7 @@
HKDF: Expand not exposed on its own (TLS 1.3)
---------------------------------------------
-The HKDF function uses and Extract-then-Expand approch, that is:
+The HKDF function uses an Extract-then-Expand approach, that is:
HKDF(x, ...) = HKDF-Expand(HKDF-Extract(x, ...), ...)
diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md
index 0e20a8b..5514dfa 100644
--- a/docs/architecture/testing/psa-storage-format-testing.md
+++ b/docs/architecture/testing/psa-storage-format-testing.md
@@ -40,7 +40,7 @@
## Storage architecture overview
-The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifer (a 64-bit number) to file content (a byte array). These files include:
+The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifier (a 64-bit number) to file content (a byte array). These files include:
* [Key files](#key-storage) (files containing one key's metadata and, except for some secure element keys, key material).
* The [random generator injected seed or state file](#random-generator-state) (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`).
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 1a96d15..296f9a8 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -41,7 +41,7 @@
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
/** Bad input data. */
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 30b0ed2..be2cae7 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -228,7 +228,7 @@
* \return 0 if successful.
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
* would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
int mbedtls_asn1_get_len( unsigned char **p,
const unsigned char *end,
@@ -253,7 +253,7 @@
* with the requested tag.
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
* would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
int mbedtls_asn1_get_tag( unsigned char **p,
const unsigned char *end,
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1ced6e5..88beaeb 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -146,11 +146,23 @@
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_PKCS5_C defined, but not all prerequesites"
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS12_C defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_PKCS1_V15) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS1_V15 defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS1_V21 defined, but not all prerequesites"
#endif
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
@@ -322,11 +334,11 @@
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -342,7 +354,7 @@
#endif
#if defined(MBEDTLS_PK_C) && \
- ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+ ( !defined(MBEDTLS_MD_C) || ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) ) )
#error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
@@ -780,12 +792,12 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 0aed596..5c8aba8 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -139,7 +139,7 @@
* discarded.
* (Default value: 0 = No debug )
*
- * \param threshold theshold level of messages to filter on. Messages at a
+ * \param threshold threshold level of messages to filter on. Messages at a
* higher level will be discarded.
* - Debug levels
* - 0 No debug
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index a73f624..7853a6a 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -65,7 +65,7 @@
* (KeyExchange) as defined by the Thread spec.
*
* In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 37702b5..f2cf2c0 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -204,7 +204,7 @@
size_t len );
/**
- * \brief Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief Initialisation of simplified HMAC_DRBG (never reseeds).
*
* This function is meant for use in algorithms that need a pseudorandom
* input such as deterministic ECDSA.
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2d32f67..5ec31f7 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -330,7 +330,7 @@
//#define MBEDTLS_SHA512_ALT
/*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
* implemented with two .c files:
* - ecp.c
* - ecp_curves.c
@@ -1129,7 +1129,7 @@
*
* Enable support for PKCS#1 v1.5 encoding.
*
- * Requires: MBEDTLS_RSA_C
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
*
* This enables support for PKCS#1 v1.5 operations.
*/
@@ -1416,7 +1416,7 @@
* Enable support for RFC 7627: Session Hash and Extended Master Secret
* Extension.
*
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
* attacks, but it is recommended to always use it (even if you disable
* renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1442,7 +1442,7 @@
* \note This option has no influence on the protection against the
* triple handshake attack. Even if it is disabled, Mbed TLS will
* still ensure that certificates do not change during renegotiation,
- * for exaple by keeping a hash of the peer's certificate.
+ * for example by keeping a hash of the peer's certificate.
*
* Comment this macro to disable storing the peer's certificate
* after the handshake.
@@ -1576,7 +1576,7 @@
* unless you know for sure amplification cannot be a problem in the
* environment in which your server operates.
*
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
@@ -2401,7 +2401,24 @@
* Enable the generic message digest layer.
*
* Module: library/md.c
- * Caller:
+ * Caller: library/constant_time.c
+ * library/ecdsa.c
+ * library/ecjpake.c
+ * library/hkdf.c
+ * library/hmac_drbg.c
+ * library/pk.c
+ * library/pkcs5.c
+ * library/pkcs12.c
+ * library/psa_crypto_ecp.c
+ * library/psa_crypto_rsa.c
+ * library/rsa.c
+ * library/ssl_cookie.c
+ * library/ssl_msg.c
+ * library/ssl_tls.c
+ * library/x509.c
+ * library/x509_crt.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
*
* Uncomment to enable generic message digest wrappers.
*/
@@ -2537,7 +2554,7 @@
/**
* \def MBEDTLS_PK_C
*
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
*
* Module: library/pk.c
* Caller: library/psa_crypto_rsa.c
@@ -2546,7 +2563,7 @@
* library/ssl*_server.c
* library/x509.c
*
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
*
* Uncomment to enable generic public key wrappers.
*/
@@ -2555,7 +2572,7 @@
/**
* \def MBEDTLS_PK_PARSE_C
*
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
*
* Module: library/pkparse.c
* Caller: library/x509_crt.c
@@ -2570,7 +2587,7 @@
/**
* \def MBEDTLS_PK_WRITE_C
*
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
*
* Module: library/pkwrite.c
* Caller: library/x509write.c
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
index 98d3419..85461f6 100644
--- a/include/mbedtls/private_access.h
+++ b/include/mbedtls/private_access.h
@@ -1,7 +1,7 @@
/**
* \file private_access.h
*
- * \brief Macro wrapper for struct's memebrs.
+ * \brief Macro wrapper for struct's members.
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index d03c31d..7562d1c 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -74,7 +74,7 @@
/*
* The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
*/
#ifdef __cplusplus
@@ -540,7 +540,7 @@
*
* \note Blinding is used if and only if a PRNG is provided.
*
- * \note If blinding is used, both the base of exponentation
+ * \note If blinding is used, both the base of exponentiation
* and the exponent are blinded, providing protection
* against some side-channel attacks.
*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6dac3d1..c882371 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1428,7 +1428,6 @@
* configured, this has value \c 0.
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
@@ -2131,7 +2130,7 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
- * \brief Set the Maximum Tranport Unit (MTU).
+ * \brief Set the Maximum Transport Unit (MTU).
* Special value: 0 means unset (no limit).
* This represents the maximum size of a datagram payload
* handled by the transport layer (usually UDP) as determined
@@ -2736,7 +2735,7 @@
* ones going through the authentication-decryption phase.
*
* \note This is a security trade-off related to the fact that it's
- * often relatively easy for an active attacker ot inject UDP
+ * often relatively easy for an active attacker to inject UDP
* datagrams. On one hand, setting a low limit here makes it
* easier for such an attacker to forcibly terminated a
* connection. On the other hand, a high limit or no limit
@@ -3455,7 +3454,7 @@
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
- * \deprecated Superseeded by mbedtls_ssl_conf_groups().
+ * \deprecated Superseded by mbedtls_ssl_conf_groups().
*
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
@@ -3726,7 +3725,7 @@
* \param protos Pointer to a NULL-terminated list of supported protocols,
* in decreasing preference order. The pointer to the list is
* recorded by the library for later reference as required, so
- * the lifetime of the table must be atleast as long as the
+ * the lifetime of the table must be at least as long as the
* lifetime of the SSL configuration structure.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@@ -3740,7 +3739,7 @@
*
* \param ssl SSL context
*
- * \return Protcol name, or NULL if no protocol was negotiated.
+ * \return Protocol name, or NULL if no protocol was negotiated.
*/
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ALPN */
@@ -3823,7 +3822,7 @@
unsigned char *mki_value,
uint16_t mki_len );
/**
- * \brief Get the negotiated DTLS-SRTP informations:
+ * \brief Get the negotiated DTLS-SRTP information:
* Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
@@ -3831,7 +3830,7 @@
* not be trusted or acted upon before the handshake completes.
*
* \param ssl The SSL context to query.
- * \param dtls_srtp_info The negotiated DTLS-SRTP informations:
+ * \param dtls_srtp_info The negotiated DTLS-SRTP information:
* - Protection profile in use.
* A direct mapping of the iana defined value for protection
* profile on an uint16_t.
@@ -4054,7 +4053,7 @@
* initiated by peer
* (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*
- * \warning It is recommended to always disable renegotation unless you
+ * \warning It is recommended to always disable renegotiation unless you
* know you need it and you know what you're doing. In the
* past, there have been several issues associated with
* renegotiation or a poor understanding of its properties.
@@ -4117,7 +4116,7 @@
* scenario.
*
* \note With DTLS and server-initiated renegotiation, the
- * HelloRequest is retransmited every time mbedtls_ssl_read() times
+ * HelloRequest is retransmitted every time mbedtls_ssl_read() times
* out or receives Application Data, until:
* - max_records records have beens seen, if it is >= 0, or
* - the number of retransmits that would happen during an
@@ -4776,7 +4775,7 @@
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- * while reseting the context.
+ * while resetting the context.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
* progress, or there is pending data for reading or sending,
* or the connection does not use DTLS 1.2 with an AEAD
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index c5b80d9..a1ca74b 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -90,7 +90,7 @@
* \brief Set expiration delay for cookies
* (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
*
- * \param ctx Cookie contex
+ * \param ctx Cookie context
* \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
* issued in the meantime.
* 0 to disable expiration (NOT recommended)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 51ce257..9ed2bbe 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -968,7 +968,7 @@
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
/**
- * \brief Set the verion for a Certificate
+ * \brief Set the version for a Certificate
* Default: MBEDTLS_X509_CRT_VERSION_3
*
* \param ctx CRT context to use
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 20a516e..44b7aab 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -184,7 +184,7 @@
* private key used to sign the CSR when writing it)
*
* \param ctx CSR context to use
- * \param key Asymetric key to include
+ * \param key Asymmetric key to include
*/
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5f4a9be..211ea8a 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1023,7 +1023,7 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1073,7 +1073,7 @@
* compares the calculated hash with the expected hash passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1458,7 +1458,7 @@
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1511,7 +1511,7 @@
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1971,7 +1971,7 @@
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
@@ -2638,7 +2638,7 @@
* preceding calls to psa_aead_update().
* - \p tag contains the authentication tag.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -2728,7 +2728,7 @@
* plaintext and reports success. If the authentication tag is not correct,
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -3026,7 +3026,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was perfomed successfully, but the passed
+ * The calculation was performed successfully, but the passed
* signature is not a valid signature.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3050,7 +3050,7 @@
/**
* \brief Encrypt a short message with a public key.
*
- * \param key Identifer of the key to use for the operation.
+ * \param key Identifier of the key to use for the operation.
* It must be a public key or an asymmetric key
* pair. It must allow the usage
* #PSA_KEY_USAGE_ENCRYPT.
@@ -3783,7 +3783,7 @@
*
* \param[in,out] operation The key derivation operation object to read from.
* \param[in] expected_output Buffer containing the expected derivation output.
- * \param output_length Length ot the expected output; this is also the
+ * \param output_length Length of the expected output; this is also the
* number of bytes that will be read.
*
* \retval #PSA_SUCCESS
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index df28fef..8fb1a21 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -348,7 +348,7 @@
* length of the byte string is the private key size in bytes (leading zeroes
* are not stripped).
*
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
* FIPS 186-4 §B.1.2: interpret the byte string as integer
* in big-endian order. Discard it if it is not in the range
* [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -1145,7 +1145,7 @@
*/
#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
-/** The type of the data strucure for PAKE cipher suites.
+/** The type of the data structure for PAKE cipher suites.
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index f333db1..434554d 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -462,7 +462,7 @@
}
else
{
- /* Call the bigger function to free the old domain paramteres.
+ /* Call the bigger function to free the old domain parameters.
* Ignore any errors which may arise due to type requiring
* non-default domain parameters, since this function can't
* report errors. */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 2f9a15a..6f83cc2 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1456,7 +1456,7 @@
* with a random per-message secret number (*k*).
*
* The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
* *r* and *s* is encoded as an *N*-octet string, where *N* is the length
* of the base point of the curve in octets. Each value is represented
* in big-endian order (most significant octet first).
@@ -2269,8 +2269,8 @@
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).MBEDTLS_PRIVATE(key_id) )
+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).MBEDTLS_PRIVATE(owner) )
/** Utility to initialize a key identifier at runtime.
*
diff --git a/library/aes.c b/library/aes.c
index d2b05e2..bf5d432 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1089,7 +1089,7 @@
*
* This function multiplies a field element by x in the polynomial field
* representation. It uses 64-bit word operations to gain speed but compensates
- * for machine endianess and hence works correctly on both big and little
+ * for machine endianness and hence works correctly on both big and little
* endian machines.
*/
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
@@ -1189,7 +1189,7 @@
unsigned char *prev_output = output - 16;
/* Copy ciphertext bytes from the previous block to our output for each
- * byte of cyphertext we won't steal. At the same time, copy the
+ * byte of ciphertext we won't steal. At the same time, copy the
* remainder of the input for this final round (since the loop bounds
* are the same). */
for( i = 0; i < leftover; i++ )
diff --git a/library/bignum.c b/library/bignum.c
index f06eff0..11acc01 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2278,7 +2278,7 @@
* TA-TB is even so the division by 2 has an integer result.
* Invariant (I) is preserved since any odd divisor of both TA and TB
* also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
- * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
+ * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
* divides TA.
*/
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
diff --git a/library/constant_time.c b/library/constant_time.c
index a6451bb..8475b0c 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -690,7 +690,7 @@
/*
* Conditionally swap X and Y, without leaking information
* about whether the swap was made or not.
- * Here it is not ok to simply swap the pointers, which whould lead to
+ * Here it is not ok to simply swap the pointers, which would lead to
* different memory access patterns when X and Y are used afterwards.
*/
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 738a977..d467a65 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -449,7 +449,7 @@
/*
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
- * Ouputs: verified peer public keys Xa, Xb
+ * Outputs: verified peer public keys Xa, Xb
*/
static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
const mbedtls_ecp_group *grp,
diff --git a/library/ecp.c b/library/ecp.c
index f39cb02..8b32caa 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1267,7 +1267,7 @@
* For curves in short Weierstrass form, we do all the internal operations in
* Jacobian coordinates.
*
- * For multiplication, we'll use a comb method with coutermeasueres against
+ * For multiplication, we'll use a comb method with countermeasures against
* SPA, hence timing attacks.
*/
@@ -2231,7 +2231,7 @@
* This function is mainly responsible for administrative work:
* - managing the restart context if enabled
* - managing the table of precomputed points (passed between the below two
- * functions): allocation, computation, ownership tranfer, freeing.
+ * functions): allocation, computation, ownership transfer, freeing.
*
* It delegates the actual arithmetic work to:
* ecp_precompute_comb() and ecp_mul_comb_with_precomp()
@@ -2365,7 +2365,7 @@
/*
* For Montgomery curves, we do all the internal arithmetic in projective
* coordinates. Import/export of points uses only the x coordinates, which is
- * internaly represented as X / Z.
+ * internally represented as X / Z.
*
* For scalar multiplication, we'll use a Montgomery ladder.
*/
@@ -2519,7 +2519,7 @@
MPI_ECP_LSET( &R->Z, 0 );
mbedtls_mpi_free( &R->Y );
- /* RP.X might be sligtly larger than P, so reduce it */
+ /* RP.X might be slightly larger than P, so reduce it */
MOD_ADD( &RP.X );
/* Randomize coordinates of the starting point */
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 8c6b442..61432d8 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -561,8 +561,8 @@
static void buffer_alloc_free_mutexed( void *ptr )
{
- /* We have to good option here, but corrupting the heap seems
- * worse than loosing memory. */
+ /* We have no good option here, but corrupting the heap seems
+ * worse than losing memory. */
if( mbedtls_mutex_lock( &heap.mutex ) )
return;
buffer_alloc_free( ptr );
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 852c46e..e234a8d 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -100,7 +100,8 @@
}
}
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
{
switch( status )
@@ -121,7 +122,7 @@
return( mbedtls_pk_error_from_psa( status ) );
}
}
-#endif
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
#endif /* MBEDTLS_PSA_CRYPTO_C */
@@ -1602,6 +1603,32 @@
NULL, /* debug - could be done later, or even left NULL */
};
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+static int pk_opaque_rsa_decrypt( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ status = psa_asymmetric_decrypt( *key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ input, ilen,
+ NULL, 0,
+ output, osize, olen );
+ if( status != PSA_SUCCESS )
+ {
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ }
+
+ return 0;
+}
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+
const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
@@ -1613,7 +1640,11 @@
NULL, /* restartable verify - not relevant */
NULL, /* restartable sign - not relevant */
#endif
- NULL, /* decrypt - will be done later */
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+ pk_opaque_rsa_decrypt,
+#else
+ NULL, /* decrypt - not available */
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
NULL, /* encrypt - will be done later */
NULL, /* check_pair - could be done later or left NULL */
pk_opaque_alloc_wrap,
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 5e81a65..fc756db 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -148,9 +148,10 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_pk_error_from_psa( psa_status_t status );
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
-#endif
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
#if defined(MBEDTLS_RSA_C)
int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
diff --git a/library/pkparse.c b/library/pkparse.c
index 22dab3a..89398b7 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -475,7 +475,7 @@
}
/*
- * grp may already be initilialized; if so, make sure IDs match
+ * grp may already be initialized; if so, make sure IDs match
*/
if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
@@ -808,7 +808,7 @@
goto cleanup;
#else
- /* Verify existance of the CRT params */
+ /* Verify existence of the CRT params */
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d58923d..635981d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -913,7 +913,7 @@
goto error;
}
- /* Enforce that the usage policy permits the requested algortihm. */
+ /* Enforce that the usage policy permits the requested algorithm. */
if( alg != 0 )
{
status = psa_key_policy_permits( &slot->attr.policy,
@@ -4810,7 +4810,7 @@
/* 4. If k > N - 2, discard the result and return to step 1.
* Result of comparison is returned. When it indicates error
- * then this fuction is called again.
+ * then this function is called again.
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, &key_out_of_range ) );
}
@@ -5371,7 +5371,6 @@
*cur++ = MBEDTLS_BYTE_1( data_length );
*cur++ = MBEDTLS_BYTE_0( data_length );
memcpy( cur, data, data_length );
- mbedtls_platform_zeroize( (void*) data, data_length );
cur += data_length;
status = psa_tls12_prf_set_key( prf, pms, cur - pms );
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index e82e1cc..17b3953 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -428,7 +428,7 @@
* preceding calls to mbedtls_psa_aead_update().
* - \p tag contains the authentication tag.
*
- * Whether or not this function returns successfuly, the PSA core subsequently
+ * Whether or not this function returns successfully, the PSA core subsequently
* calls mbedtls_psa_aead_abort() to deactivate the operation.
*
* \param[in,out] operation Active AEAD operation.
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
index 7091dc5..3bcea59 100644
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@@ -175,7 +175,7 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to mbedtls_psa_hash_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling mbedtls_psa_hash_abort().
*
diff --git a/library/rsa.c b/library/rsa.c
index 36f487f..6a9e402 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -49,10 +49,6 @@
#include <string.h>
-#if defined(MBEDTLS_PKCS1_V21)
-#include "mbedtls/md.h"
-#endif
-
#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
#include <stdlib.h>
#endif
@@ -852,10 +848,10 @@
* the more bits of the key can be recovered. See [3].
*
* Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
- * observations on avarage.
+ * observations on average.
*
* For example with 28 byte blinding to achieve 2 collisions the adversary has
- * to make 2^112 observations on avarage.
+ * to make 2^112 observations on average.
*
* (With the currently (as of 2017 April) known best algorithms breaking 2048
* bit RSA requires approximately as much time as trying out 2^112 random keys.
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 0c32f07..22ca57c 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -308,110 +308,6 @@
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
- * Function for writing a signature algorithm extension.
- *
- * The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
- * value (TLS 1.3 RFC8446):
- * enum {
- * ....
- * ecdsa_secp256r1_sha256( 0x0403 ),
- * ecdsa_secp384r1_sha384( 0x0503 ),
- * ecdsa_secp521r1_sha512( 0x0603 ),
- * ....
- * } SignatureScheme;
- *
- * struct {
- * SignatureScheme supported_signature_algorithms<2..2^16-2>;
- * } SignatureSchemeList;
- *
- * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm`
- * value (TLS 1.2 RFC5246):
- * enum {
- * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
- * sha512(6), (255)
- * } HashAlgorithm;
- *
- * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
- * SignatureAlgorithm;
- *
- * struct {
- * HashAlgorithm hash;
- * SignatureAlgorithm signature;
- * } SignatureAndHashAlgorithm;
- *
- * SignatureAndHashAlgorithm
- * supported_signature_algorithms<2..2^16-2>;
- *
- * The TLS 1.3 signature algorithm extension was defined to be a compatible
- * generalization of the TLS 1.2 signature algorithm extension.
- * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
- * `SignatureScheme` field of TLS 1.3
- *
- */
-static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
- const unsigned char *end, size_t *out_len )
-{
- unsigned char *p = buf;
- unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
- size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
-
- *out_len = 0;
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
-
- /* Check if we have space for header and length field:
- * - extension_type (2 bytes)
- * - extension_data_length (2 bytes)
- * - supported_signature_algorithms_length (2 bytes)
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- p += 6;
-
- /*
- * Write supported_signature_algorithms
- */
- supported_sig_alg = p;
- const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
- if( sig_alg == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
- {
- if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
- continue;
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
- MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
- p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
- }
-
- /* Length of supported_signature_algorithms */
- supported_sig_alg_len = p - supported_sig_alg;
- if( supported_sig_alg_len == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
-
- /* Write extension_type */
- MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
- /* Write extension_data_length */
- MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
- /* Write length of supported_signature_algorithms */
- MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
-
- /* Output the total length of signature algorithms extension. */
- *out_len = p - buf;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
- return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
static int ssl_write_client_hello_cipher_suites(
mbedtls_ssl_context *ssl,
unsigned char *buf,
@@ -721,7 +617,7 @@
#endif
0 )
{
- ret = ssl_write_sig_alg_ext( ssl, p, end, &output_len );
+ ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 3be4b45..0f2bc60 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -62,7 +62,7 @@
/*
* Cookies are formed of a 4-bytes timestamp (or serial number) and
- * an HMAC of timestemp and client ID.
+ * an HMAC of timestamp and client ID.
*/
#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 29b64dc..9f1df73 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -41,6 +41,8 @@
const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
+const char *mbedtls_ssl_named_group_to_str( uint16_t in );
+
#endif /* MBEDTLS_DEBUG_C */
#endif /* SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e8acc23..ce41a45 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -585,17 +585,14 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_SSL_CLI_C)
- /** Number of Hello Retry Request messages received from the server. */
+ /** Number of HelloRetryRequest messages received/sent from/to the server. */
int hello_retry_request_count;
-#endif /* MBEDTLS_SSL_CLI_C */
-
#if defined(MBEDTLS_SSL_SRV_C)
/** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group;
#endif /* MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -652,9 +649,11 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ uint8_t psk_opaque_is_internal;
+#else
unsigned char *psk; /*!< PSK from the callback */
size_t psk_len; /*!< Length of PSK from callback */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
@@ -1305,12 +1304,34 @@
size_t msg_len );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
mbedtls_key_exchange_type_t key_ex );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * Get the first defined opaque PSK by order of precedence:
+ * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
+ * callback
+ * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
+ * Return an opaque PSK
+ */
+static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
+ const mbedtls_ssl_context *ssl )
+{
+ if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
+ return( ssl->handshake->psk_opaque );
+
+ if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
+ return( ssl->conf->psk_opaque );
+
+ return( MBEDTLS_SVC_KEY_ID_INIT );
+}
+#else
/**
* Get the first defined PSK by order of precedence:
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
@@ -1341,27 +1362,6 @@
return( 0 );
}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * Get the first defined opaque PSK by order of precedence:
- * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
- * callback
- * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
- * Return an opaque PSK
- */
-static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
- const mbedtls_ssl_context *ssl )
-{
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( ssl->handshake->psk_opaque );
-
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( ssl->conf->psk_opaque );
-
- return( MBEDTLS_SVC_KEY_ID_INIT );
-}
-
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@@ -1631,7 +1631,8 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
+extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN ];
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
@@ -1853,7 +1854,7 @@
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
- /* Below deprected curves should be removed with notice to users */
+ /* Below deprecated curves should be removed with notice to users */
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
@@ -2166,7 +2167,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
- * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
+ * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
*/
#define MBEDTLS_SSL_NULL_CIPHER 0x04000000
@@ -2290,4 +2291,7 @@
mbedtls_ssl_protocol_version min_tls_version,
mbedtls_ssl_protocol_version max_tls_version );
+int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len );
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 083c8d2..e1ea440 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1234,7 +1234,7 @@
add_data, add_data_len );
/* Because of the check above, we know that there are
- * explicit_iv_len Bytes preceeding data, and taglen
+ * explicit_iv_len Bytes preceding data, and taglen
* bytes following data + data_len. This justifies
* the debug message and the invocation of
* mbedtls_cipher_auth_decrypt_ext() below. */
@@ -2404,7 +2404,7 @@
unsigned char **buf, size_t *buf_len )
{
/*
- * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
+ * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 )
* ...
* HandshakeType msg_type;
* uint24 length;
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 1c05001..e1439f0 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -37,7 +37,7 @@
#include <string.h>
/*
- * Initialze context
+ * Initialize context
*/
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 250bae9..a1a0003 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1528,7 +1528,6 @@
if( !mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
return( 1 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
if( conf->psk != NULL )
return( 1 );
@@ -1545,11 +1544,6 @@
* user's responsibility. */
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
- /* This and the following branch should never
- * be taken simultaenously as we maintain the
- * invariant that raw and opaque PSKs are never
- * configured simultaneously. As a safeguard,
- * though, `else` is omitted here. */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( conf->psk != NULL )
{
@@ -1631,10 +1625,16 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
{
+ /* The maintenance of the external PSK key slot is the
+ * user's responsibility. */
+ if( ssl->handshake->psk_opaque_is_internal )
+ {
+ psa_destroy_key( ssl->handshake->psk_opaque );
+ ssl->handshake->psk_opaque_is_internal = 0;
+ }
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#else
if( ssl->handshake->psk != NULL )
{
mbedtls_platform_zeroize( ssl->handshake->psk,
@@ -1642,11 +1642,19 @@
mbedtls_free( ssl->handshake->psk );
ssl->handshake->psk_len = 0;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ psa_status_t status;
+ psa_algorithm_t alg;
+ mbedtls_svc_key_id_t key;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( psk == NULL || ssl->handshake == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -1655,6 +1663,24 @@
ssl_remove_psk( ssl );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384)
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ else
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+
+ psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
+ psa_set_key_algorithm( &key_attributes, alg );
+ psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE );
+
+ status = psa_import_key( &key_attributes, psk, psk_len, &key );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+
+ /* Allow calling psa_destroy_key() on psk remove */
+ ssl->handshake->psk_opaque_is_internal = 1;
+ return mbedtls_ssl_set_hs_psk_opaque( ssl, key );
+#else
if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
@@ -1662,6 +1688,7 @@
memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
return( 0 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2891,7 +2918,7 @@
* In the case of TLS 1.3, handshake step handlers do not send data to the
* peer. Data are only sent here and through
* `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
- * alert occured.
+ * alert occurred.
*/
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
@@ -3231,11 +3258,25 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
+ {
+ /* The maintenance of the external PSK key slot is the
+ * user's responsibility. */
+ if( ssl->handshake->psk_opaque_is_internal )
+ {
+ psa_destroy_key( ssl->handshake->psk_opaque );
+ ssl->handshake->psk_opaque_is_internal = 0;
+ }
+ ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
+ }
+#else
if( handshake->psk != NULL )
{
mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
mbedtls_free( handshake->psk );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
@@ -3976,7 +4017,7 @@
}
/*
- * Initialze mbedtls_ssl_config
+ * Initialize mbedtls_ssl_config
*/
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
{
@@ -4424,6 +4465,12 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
+ {
+ conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( conf->psk != NULL )
{
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
@@ -4812,6 +4859,7 @@
static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
+ const unsigned char* raw_psk, size_t raw_psk_length,
const unsigned char* seed, size_t seed_length,
const unsigned char* label, size_t label_length,
const unsigned char* other_secret,
@@ -4845,7 +4893,7 @@
{
status = psa_key_derivation_input_bytes(
derivation, PSA_KEY_DERIVATION_INPUT_SECRET,
- NULL, 0 );
+ raw_psk, raw_psk_length );
}
else
{
@@ -4911,6 +4959,7 @@
status = setup_psa_key_derivation( &derivation,
master_key, alg,
+ NULL, 0,
random, rlen,
(unsigned char const *) label,
(size_t) strlen( label ),
@@ -5100,30 +5149,6 @@
return( 0 );
}
-
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED )
-static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
-{
- if( ssl->conf->f_psk != NULL )
- {
- /* If we've used a callback to select the PSK,
- * the static configuration is irrelevant. */
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( 1 );
-
- return( 0 );
- }
-
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
- return( 1 );
-
- return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
/*
* Compute master secret if needed
*
@@ -5196,8 +5221,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_ciphersuite_uses_psk( handshake->ciphersuite_info ) == 1 &&
- ssl_use_opaque_psk( ssl ) == 1 )
+ if( mbedtls_ssl_ciphersuite_uses_psk( handshake->ciphersuite_info ) == 1 )
{
/* Perform PSK-to-MS expansion in a single step. */
psa_status_t status;
@@ -5240,6 +5264,7 @@
}
status = setup_psa_key_derivation( &derivation, psk, alg,
+ ssl->conf->psk, ssl->conf->psk_len,
seed, seed_len,
(unsigned char const *) lbl,
(size_t) strlen( lbl ),
@@ -5472,7 +5497,8 @@
}
#endif /* MBEDTLS_SHA384_C */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
{
unsigned char *p = ssl->handshake->premaster;
@@ -5481,11 +5507,6 @@
size_t psk_len = 0;
int psk_ret = mbedtls_ssl_get_psk( ssl, &psk, &psk_len );
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- (void) key_ex;
-#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
{
/*
@@ -5560,19 +5581,10 @@
p += 2 + len;
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
-
- /* For opaque PSK fill premaster with the the shared secret without PSK. */
- if( psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque DHE-PSK" ) );
- return( 0 );
- }
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -5593,7 +5605,7 @@
MBEDTLS_DEBUG_ECDH_Z );
}
else
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -5616,7 +5628,7 @@
return( 0 );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
@@ -6602,7 +6614,7 @@
ssl->handshake = NULL;
/*
- * Free the previous transform and swith in the current one
+ * Free the previous transform and switch in the current one
*/
if( ssl->transform )
{
@@ -7998,4 +8010,104 @@
return( 0 );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+/*
+ * Function for writing a signature algorithm extension.
+ *
+ * The `extension_data` field of signature algorithm contains a `SignatureSchemeList`
+ * value (TLS 1.3 RFC8446):
+ * enum {
+ * ....
+ * ecdsa_secp256r1_sha256( 0x0403 ),
+ * ecdsa_secp384r1_sha384( 0x0503 ),
+ * ecdsa_secp521r1_sha512( 0x0603 ),
+ * ....
+ * } SignatureScheme;
+ *
+ * struct {
+ * SignatureScheme supported_signature_algorithms<2..2^16-2>;
+ * } SignatureSchemeList;
+ *
+ * The `extension_data` field of signature algorithm contains a `SignatureAndHashAlgorithm`
+ * value (TLS 1.2 RFC5246):
+ * enum {
+ * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
+ * sha512(6), (255)
+ * } HashAlgorithm;
+ *
+ * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
+ * SignatureAlgorithm;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * SignatureAndHashAlgorithm
+ * supported_signature_algorithms<2..2^16-2>;
+ *
+ * The TLS 1.3 signature algorithm extension was defined to be a compatible
+ * generalization of the TLS 1.2 signature algorithm extension.
+ * `SignatureAndHashAlgorithm` field of TLS 1.2 can be represented by
+ * `SignatureScheme` field of TLS 1.3
+ *
+ */
+int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
+ const unsigned char *end, size_t *out_len )
+{
+ unsigned char *p = buf;
+ unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
+ size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
+
+ *out_len = 0;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding signature_algorithms extension" ) );
+
+ /* Check if we have space for header and length field:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - supported_signature_algorithms_length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
+ p += 6;
+
+ /*
+ * Write supported_signature_algorithms
+ */
+ supported_sig_alg = p;
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
+ {
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+ continue;
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "signature scheme [%x]", *sig_alg ) );
+ }
+
+ /* Length of supported_signature_algorithms */
+ supported_sig_alg_len = p - supported_sig_alg;
+ if( supported_sig_alg_len == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "No signature algorithms defined." ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, buf, 0 );
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len + 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
+
+ *out_len = p - buf;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index d286764..f516efa 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -62,37 +62,16 @@
return( 0 );
}
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
return( 1 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) )
-static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
-{
- if( conf->psk_identity == NULL ||
- conf->psk_identity_len == 0 )
- {
- return( 0 );
- }
-
if( conf->psk != NULL && conf->psk_len != 0 )
return( 1 );
return( 0 );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ) */
-
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -2297,7 +2276,7 @@
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
- } /* FALLTROUGH */
+ } /* FALLTHROUGH */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
@@ -3067,41 +3046,6 @@
/* Write the ECDH computation length before the ECDH computation */
MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
pms += zlen_size + zlen;
-
- /* In case of opaque psk skip writting psk to pms.
- * Opaque key will be handled later. */
- if( ssl_conf_has_static_raw_psk( ssl->conf ) == 1 )
- {
- const unsigned char *psk = NULL;
- size_t psk_len = 0;
-
- if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
- == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
- /*
- * This should never happen because the existence of a PSK is always
- * checked before calling this function
- */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
- /* opaque psk<0..2^16-1>; */
- if( (size_t)( pms_end - pms ) < ( 2 + psk_len ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- /* Write the PSK length as uint16 */
- MBEDTLS_PUT_UINT16_BE( psk_len, pms, 0 );
- pms += 2;
-
- /* Write the PSK itself */
- memcpy( pms, psk, psk_len );
- pms += psk_len;
-
- ssl->handshake->pmslen = pms - ssl->handshake->premaster;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque ECDHE-PSK" ) );
- }
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
@@ -3182,6 +3126,25 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
return( ret );
}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char *pms = ssl->handshake->premaster;
+ unsigned char *pms_end = pms + sizeof( ssl->handshake->premaster );
+ size_t pms_len;
+
+ /* Write length only when we know the actual value */
+ if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
+ pms + 2, pms_end - ( pms + 2 ), &pms_len,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
+ return( ret );
+ }
+ MBEDTLS_PUT_UINT16_BE( pms_len, pms, 0 );
+ pms += 2 + pms_len;
+
+ MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
+#endif
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -3213,31 +3176,15 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
- ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque PSK" ) );
- }
- else
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK &&
- ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque RSA-PSK" ) );
- }
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_psk_derive_premaster", ret );
+ "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a60b5ad..590c874 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -160,43 +160,17 @@
if( conf->psk_identity_len == 0 || conf->psk_identity == NULL )
return( 0 );
- if( conf->psk != NULL && conf->psk_len != 0 )
- return( 1 );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
return( 1 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
-static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
-{
- if( ssl->conf->f_psk != NULL )
- {
- /* If we've used a callback to select the PSK,
- * the static configuration is irrelevant. */
-
- if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
- return( 1 );
-
- return( 0 );
- }
-
- if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
+ if( conf->psk != NULL && conf->psk_len != 0 )
return( 1 );
return( 0 );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
- ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
@@ -1287,7 +1261,7 @@
* Handshake layer:
* 0 . 0 handshake type
* 1 . 3 handshake length
- * 4 . 5 DTLS only: message seqence number
+ * 4 . 5 DTLS only: message sequence number
* 6 . 8 DTLS only: fragment offset
* 9 . 11 DTLS only: fragment length
*/
@@ -4009,19 +3983,14 @@
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* For opaque PSKs, we perform the PSK-to-MS derivation atomatically
- * and skip the intermediate PMS. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@@ -4053,19 +4022,14 @@
return( ret );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* For opaque PSKs, we perform the PSK-to-MS derivation automatically
- * and skip the intermediate PMS. */
- if( ssl_use_opaque_psk( ssl ) == 1 )
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque RSA-PSK" ) );
- else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@@ -4089,12 +4053,31 @@
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char *pms = ssl->handshake->premaster;
+ unsigned char *pms_end = pms + sizeof( ssl->handshake->premaster );
+ size_t pms_len;
+
+ /* Write length only when we know the actual value */
+ if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
+ pms + 2, pms_end - ( pms + 2 ), &pms_len,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
+ return( ret );
+ }
+ MBEDTLS_PUT_UINT16_BE( pms_len, pms, 0 );
+ pms += 2 + pms_len;
+
+ MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
+#else
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -4175,40 +4158,6 @@
MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
psm += zlen_size + zlen;
- const unsigned char *psk = NULL;
- size_t psk_len = 0;
-
- /* In case of opaque psk skip writting psk to pms.
- * Opaque key will be handled later. */
- if( ssl_use_opaque_psk( ssl ) == 0 )
- {
- if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
- == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
- /*
- * This should never happen because the existence of a PSK is always
- * checked before calling this function
- */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
- /* opaque psk<0..2^16-1>; */
- if( (size_t)( psm_end - psm ) < ( 2 + psk_len ) )
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
- /* Write the PSK length as uint16 */
- MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 );
- psm += 2;
-
- /* Write the PSK itself */
- memcpy( psm, psk, psk_len );
- psm += psk_len;
-
- ssl->handshake->pmslen = psm - ssl->handshake->premaster;
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque ECDHE-PSK" ) );
- }
#else /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 59e42c8..320c5b4 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -750,11 +750,6 @@
const unsigned char *buf,
const unsigned char *end )
{
- static const unsigned char magic_hrr_string[MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
- { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
- 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
- 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
- 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33 ,0x9C };
/* Check whether this message is a HelloRetryRequest ( HRR ) message.
*
@@ -771,9 +766,11 @@
* } ServerHello;
*
*/
- MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 + sizeof( magic_hrr_string ) );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end,
+ 2 + sizeof( mbedtls_ssl_tls13_hello_retry_request_magic ) );
- if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 )
+ if( memcmp( buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic,
+ sizeof( mbedtls_ssl_tls13_hello_retry_request_magic ) ) == 0 )
{
return( SSL_SERVER_HELLO_COORDINATE_HRR );
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f5d791f..9de9d6d 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -34,6 +34,13 @@
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN ] =
+ { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+ 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
+ 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
+ 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
+
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
@@ -975,7 +982,7 @@
#endif /* MBEDTLS_RSA_C */
default:
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "unkown signature type : %u", sig ) );
+ ( "unknown signature type : %u", sig ) );
break;
}
return( -1 );
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 8ffd9a1..072c869 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1110,7 +1110,7 @@
transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
/* We add the true record content type (1 Byte) to the plaintext and
- * then pad to the configured granularity. The mimimum length of the
+ * then pad to the configured granularity. The minimum length of the
* type-extended and padded plaintext is therefore the padding
* granularity. */
transform->minlen =
@@ -1425,7 +1425,7 @@
hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
hash_len = PSA_HASH_LENGTH( hash_alg );
- /* Compute current handshake transcript. It's the caller's responsiblity
+ /* Compute current handshake transcript. It's the caller's responsibility
* to call this at the right time, that is, after the ServerFinished. */
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index b2a5cfc..46a6a49 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -25,6 +25,10 @@
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
+#include "ssl_misc.h"
+#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
+
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
#endif /* MBEDTLS_ECP_C */
@@ -102,9 +106,9 @@
* NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList;
*/
-static int ssl_tls13_parse_supported_groups_ext(
- mbedtls_ssl_context *ssl,
- const unsigned char *buf, const unsigned char *end )
+static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
{
const unsigned char *p = buf;
size_t named_group_list_len;
@@ -125,7 +129,10 @@
named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "got named group: %s(%04x)",
+ mbedtls_ssl_named_group_to_str( named_group ),
+ named_group ) );
if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
! mbedtls_ssl_named_group_is_supported( named_group ) ||
@@ -134,9 +141,11 @@
continue;
}
- MBEDTLS_SSL_DEBUG_MSG(
- 2, ( "add named group (%04x) into received list.",
- named_group ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "add named group %s(%04x) into received list.",
+ mbedtls_ssl_named_group_to_str( named_group ),
+ named_group ) );
+
ssl->handshake->hrr_selected_group = named_group;
}
@@ -158,8 +167,7 @@
* does not match a group supported by the server. A HelloRetryRequest will
* be needed.
* - A negative value for fatal errors.
-*/
-
+ */
static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -167,8 +175,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char const *p = buf;
unsigned char const *client_shares_end;
- size_t client_shares_len, key_exchange_len;
- int match_found = 0;
+ size_t client_shares_len;
/* From RFC 8446:
*
@@ -192,9 +199,11 @@
* dismiss it and send a HelloRetryRequest message.
*/
- for( ; p < client_shares_end; p += key_exchange_len )
+ while( p < client_shares_end )
{
uint16_t group;
+ size_t key_exchange_len;
+ const unsigned char *key_exchange;
/*
* struct {
@@ -204,19 +213,18 @@
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, 4 );
group = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
- key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
+ key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+ key_exchange = p;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, key_exchange_len );
+ p += key_exchange_len;
/* Continue parsing even if we have already found a match,
* for input validation purposes.
*/
- if( match_found == 1 )
- continue;
-
if( ! mbedtls_ssl_named_group_is_offered( ssl, group ) ||
- ! mbedtls_ssl_named_group_is_supported( group ) )
+ ! mbedtls_ssl_named_group_is_supported( group ) ||
+ ssl->handshake->offered_group_id != 0 )
{
continue;
}
@@ -226,16 +234,14 @@
*/
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
{
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( group );
- ((void) curve_info);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH group: %s (%04x)",
+ mbedtls_ssl_named_group_to_str( group ),
+ group ) );
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
- ssl, p - 2, key_exchange_len + 2 );
+ ssl, key_exchange - 2, key_exchange_len + 2 );
if( ret != 0 )
return( ret );
- match_found = 1;
}
else
{
@@ -247,7 +253,8 @@
ssl->handshake->offered_group_id = group;
}
- if( match_found == 0 )
+
+ if( ssl->handshake->offered_group_id == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching key share" ) );
return( SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH );
@@ -384,6 +391,7 @@
const unsigned char *cipher_suites_end;
size_t extensions_len;
const unsigned char *extensions_end;
+ int hrr_required = 0;
const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
@@ -431,9 +439,9 @@
*/
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
- /* ---
- * Random random;
- * ---
+ /* ...
+ * Random random;
+ * ...
* with Random defined as:
* opaque Random[32];
*/
@@ -443,9 +451,9 @@
memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
- /* ---
+ /* ...
* opaque legacy_session_id<0..32>;
- * ---
+ * ...
*/
legacy_session_id_len = p[0];
p++;
@@ -476,9 +484,9 @@
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
- /* ---
+ /* ...
* CipherSuite cipher_suites<2..2^16-2>;
- * ---
+ * ...
* with CipherSuite defined as:
* uint8 CipherSuite[2];
*/
@@ -500,10 +508,12 @@
* Check whether this ciphersuite is valid and offered.
*/
if( ( mbedtls_ssl_validate_ciphersuite(
- ssl, ciphersuite_info, ssl->tls_version,
- ssl->tls_version ) != 0 ) ||
- !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ ssl, ciphersuite_info, ssl->tls_version,
+ ssl->tls_version ) != 0 ) ||
+ ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ {
continue;
+ }
ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info;
@@ -513,7 +523,7 @@
}
- if( !ciphersuite_match )
+ if( ! ciphersuite_match )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
@@ -524,6 +534,7 @@
ciphersuite_info->name ) );
p = cipher_suites + cipher_suites_len;
+
/* ...
* opaque legacy_compression_methods<1..2^8-1>;
* ...
@@ -537,9 +548,9 @@
}
p += 2;
- /* ---
+ /* ...
* Extension extensions<8..2^16-1>;
- * ---
+ * ...
* with Extension defined as:
* struct {
* ExtensionType extension_type;
@@ -579,8 +590,8 @@
* indicates the named groups which the client supports,
* ordered from most preferred to least preferred.
*/
- ret = ssl_tls13_parse_supported_groups_ext( ssl, p,
- extension_data_end );
+ ret = ssl_tls13_parse_supported_groups_ext(
+ ssl, p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
@@ -603,15 +614,20 @@
* contains the endpoint's cryptographic parameters for
* ECDHE/DHE key establishment methods.
*/
- ret = ssl_tls13_parse_key_shares_ext( ssl, p, extension_data_end );
+ ret = ssl_tls13_parse_key_shares_ext(
+ ssl, p, extension_data_end );
if( ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "HRR needed " ) );
- ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ hrr_required = 1;
}
- if( ret != 0 )
+ if( ret < 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "ssl_tls13_parse_key_shares_ext", ret );
return( ret );
+ }
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
break;
@@ -621,7 +637,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported versions extension" ) );
ret = ssl_tls13_parse_supported_versions_ext(
- ssl, p, extension_data_end );
+ ssl, p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
@@ -635,8 +651,8 @@
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
- ret = mbedtls_ssl_tls13_parse_sig_alg_ext( ssl, p,
- extension_data_end );
+ ret = mbedtls_ssl_tls13_parse_sig_alg_ext(
+ ssl, p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -683,9 +699,11 @@
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- return( 0 );
+ return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
}
+/* Update the handshake state machine */
+
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -712,6 +730,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char* buf = NULL;
size_t buflen = 0;
+ int parse_client_hello_ret;
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
@@ -720,8 +740,18 @@
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
buf + buflen ) );
+ parse_client_hello_ret = ret; /* Store return value of parse_client_hello,
+ * only SSL_CLIENT_HELLO_OK or
+ * SSL_CLIENT_HELLO_HRR_REQUIRED at this
+ * stage as negative error codes are handled
+ * by MBEDTLS_SSL_PROC_CHK_NEG. */
+
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+
+ if( parse_client_hello_ret == SSL_CLIENT_HELLO_OK )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST );
cleanup:
@@ -890,6 +920,7 @@
if( ret != 0 )
return( ret );
p += key_exchange_length;
+
MBEDTLS_PUT_UINT16_BE( key_exchange_length, server_share + 2, 0 );
MBEDTLS_PUT_UINT16_BE( p - server_share, buf, 2 );
@@ -899,6 +930,68 @@
return( 0 );
}
+static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ uint16_t selected_group = ssl->handshake->hrr_selected_group;
+ /* key_share Extension
+ *
+ * struct {
+ * select (Handshake.msg_type) {
+ * ...
+ * case hello_retry_request:
+ * NamedGroup selected_group;
+ * ...
+ * };
+ * } KeyShare;
+ */
+
+ *out_len = 0;
+
+ /*
+ * For a pure PSK key exchange, there is no group to agree upon. The purpose
+ * of the HRR is then to transmit a cookie to force the client to demonstrate
+ * reachability at their apparent network address (primarily useful for DTLS).
+ */
+ if( ! mbedtls_ssl_tls13_some_ephemeral_enabled( ssl ) )
+ return( 0 );
+
+ /* We should only send the key_share extension if the client's initial
+ * key share was not acceptable. */
+ if( ssl->handshake->offered_group_id != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Skip key_share extension in HRR" ) );
+ return( 0 );
+ }
+
+ if( selected_group == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching named group found" ) );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ /* Check if we have enough space:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - selected_group (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 6 );
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 );
+ MBEDTLS_PUT_UINT16_BE( 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( selected_group, buf, 4 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "HRR selected_group: %s (%x)",
+ mbedtls_ssl_named_group_to_str( selected_group ),
+ selected_group ) );
+
+ *out_len = 6;
+
+ return( 0 );
+}
/*
* Structure of ServerHello message:
@@ -915,12 +1008,13 @@
static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
- size_t *out_len )
+ size_t *out_len,
+ int is_hrr )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
unsigned char *p_extensions_len;
- size_t output_len; /* Length of buffer used by function */
+ size_t output_len;
*out_len = 0;
@@ -941,8 +1035,16 @@
* opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
- memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
- MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ if( is_hrr )
+ {
+ memcpy( p, mbedtls_ssl_tls13_hello_retry_request_magic,
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ }
+ else
+ {
+ memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ }
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
@@ -1008,7 +1110,10 @@
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{
- ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
+ if( is_hrr )
+ ret = ssl_tls13_write_hrr_key_share_ext( ssl, p, end, &output_len );
+ else
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
@@ -1061,7 +1166,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
buf + buf_len,
- &msg_len ) );
+ &msg_len,
+ 0 ) );
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
@@ -1140,7 +1246,7 @@
if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
#else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
#endif
@@ -1151,6 +1257,192 @@
return( ret );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
+#define SSL_CERTIFICATE_REQUEST_SKIP 1
+/* Coordination:
+ * Check whether a CertificateRequest message should be written.
+ * Returns a negative code on failure, or
+ * - SSL_CERTIFICATE_REQUEST_SEND_REQUEST
+ * - SSL_CERTIFICATE_REQUEST_SKIP
+ * indicating if the writing of the CertificateRequest
+ * should be skipped or not.
+ */
+static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
+{
+ int authmode;
+
+ authmode = ssl->conf->authmode;
+
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ return( SSL_CERTIFICATE_REQUEST_SKIP );
+
+ return( SSL_CERTIFICATE_REQUEST_SEND_REQUEST );
+}
+
+/*
+ * struct {
+ * opaque certificate_request_context<0..2^8-1>;
+ * Extension extensions<2..2^16-1>;
+ * } CertificateRequest;
+ *
+ */
+static int ssl_tls13_write_certificate_request_body( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ size_t output_len = 0;
+ unsigned char *p_extensions_len;
+
+ *out_len = 0;
+
+ /* Check if we have enough space:
+ * - certificate_request_context (1 byte)
+ * - extensions length (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
+
+ /*
+ * Write certificate_request_context
+ */
+ /*
+ * We use a zero length context for the normal handshake
+ * messages. For post-authentication handshake messages
+ * this request context would be set to a non-zero value.
+ */
+ *p++ = 0x0;
+
+ /*
+ * Write extensions
+ */
+ /* The extensions must contain the signature_algorithms. */
+ p_extensions_len = p;
+ p += 2;
+ ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
+ if( ret != 0 )
+ return( ret );
+
+ p += output_len;
+ MBEDTLS_PUT_UINT16_BE( p - p_extensions_len - 2, p_extensions_len, 0 );
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_certificate_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+ MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_certificate_request_coordinate( ssl ) );
+
+ if( ret == SSL_CERTIFICATE_REQUEST_SEND_REQUEST )
+ {
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_request_body(
+ ssl, buf, buf + buf_len, &msg_len ) );
+
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
+ }
+ else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+ ret = 0;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_CERTIFICATE );
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+/*
+ * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
+ */
+
+static int ssl_tls13_write_hello_retry_request_coordinate(
+ mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if( ssl->handshake->hello_retry_request_count > 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Too many HRRs" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ /*
+ * Create stateless transcript hash for HRR
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Reset transcript for HRR" ) );
+ ret = mbedtls_ssl_reset_transcript_for_hrr( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_reset_transcript_for_hrr", ret );
+ return( ret );
+ }
+ mbedtls_ssl_session_reset_msg_layer( ssl, 0 );
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello retry request" ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_hello_retry_request_coordinate( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+ &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
+ buf + buf_len,
+ &msg_len,
+ 1 ) );
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
+
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len,
+ msg_len ) );
+
+ ssl->handshake->hello_retry_request_count++;
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+
+cleanup:
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) );
+ return( ret );
+}
+
/*
* TLS 1.3 State Machine -- server side
*/
@@ -1170,16 +1462,22 @@
/* start state */
case MBEDTLS_SSL_HELLO_REQUEST:
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
-
ret = 0;
break;
case MBEDTLS_SSL_CLIENT_HELLO:
-
ret = ssl_tls13_process_client_hello( ssl );
if( ret != 0 )
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_client_hello", ret );
+ break;
+ case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
+ ret = ssl_tls13_write_hello_retry_request( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_hello_retry_request", ret );
+ return( ret );
+ }
break;
case MBEDTLS_SSL_SERVER_HELLO:
@@ -1195,6 +1493,12 @@
}
break;
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+ ret = ssl_tls13_write_certificate_request( ssl );
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md
index b6a4333..aaef030 100644
--- a/programs/fuzz/README.md
+++ b/programs/fuzz/README.md
@@ -35,10 +35,10 @@
Finally, you can run the targets like `./test/fuzz/fuzz_client`.
-Corpus generation for network trafic targets
+Corpus generation for network traffic targets
------
-These targets use network trafic as inputs :
+These targets use network traffic as inputs :
* client : simulates a client against (fuzzed) server traffic
* server : simulates a server against (fuzzed) client traffic
* dtls_client
@@ -48,7 +48,7 @@
To generate corpus for these targets, you can do the following, not fully automated steps :
* Build mbedtls programs ssl_server2 and ssl_client2
-* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap
+* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap
* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
* Finally, you can add the options by appending the last bytes to the file test.cor
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
index efd8dbb..730be36 100644
--- a/programs/fuzz/onefile.c
+++ b/programs/fuzz/onefile.c
@@ -47,7 +47,7 @@
return 2;
}
- //lauch fuzzer
+ //launch fuzzer
LLVMFuzzerTestOneInput(Data, Size);
free(Data);
fclose(fp);
diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c
index 5bc0af0..c4ed0dd 100644
--- a/programs/psa/aead_demo.c
+++ b/programs/psa/aead_demo.c
@@ -156,7 +156,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
- /* Prepare key attibutes */
+ /* Prepare key attributes */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, *alg );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 97bfe68..8f2fed8 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -37,7 +37,7 @@
* dominate memory usage in small configurations. For the sake of simplicity,
* only a Unix version is implemented.
*
- * Warning: we are breaking some of the abtractions from the NET layer here.
+ * Warning: we are breaking some of the abstractions from the NET layer here.
* This is not a good example for general use. This programs has the specific
* goal of minimizing use of the libc functions on full-blown OSes.
*/
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index cecd4cb..97b786a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -115,6 +115,7 @@
#define DFL_USE_SRTP 0
#define DFL_SRTP_FORCE_PROFILE 0
#define DFL_SRTP_MKI ""
+#define DFL_KEY_OPAQUE_ALG "none"
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -343,6 +344,13 @@
#define USAGE_SERIALIZATION ""
#endif
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
@@ -411,6 +419,7 @@
USAGE_CURVES \
USAGE_SIG_ALGS \
USAGE_DHMLEN \
+ USAGE_KEY_OPAQUE_ALGS \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -498,7 +507,7 @@
int transport; /* TLS or DTLS? */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
- int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
+ int dtls_mtu; /* UDP Maximum transport unit for DTLS */
int fallback; /* is this a fallback connection? */
int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
@@ -523,6 +532,8 @@
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
const char *mki; /* The dtls mki value to use */
+ const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
+ const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
} opt;
#include "ssl_test_common_source.c"
@@ -885,6 +896,8 @@
opt.use_srtp = DFL_USE_SRTP;
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;
+ opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
for( i = 1; i < argc; i++ )
{
@@ -1308,6 +1321,12 @@
{
opt.mki = q;
}
+ else if( strcmp( p, "key_opaque_algs" ) == 0 )
+ {
+ if( key_opaque_alg_parse( q, &opt.key_opaque_alg1,
+ &opt.key_opaque_alg2 ) != 0 )
+ goto usage;
+ }
else
goto usage;
}
@@ -1698,26 +1717,24 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- psa_algorithm_t psa_alg, psa_alg2;
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
+ psa_key_usage_t usage = 0;
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
+ if( key_opaque_set_alg_usage( opt.key_opaque_alg1,
+ opt.key_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &usage,
+ mbedtls_pk_get_type( &pkey ) ) == 0 )
{
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_NONE;
- }
- else
- {
- psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
- }
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
- PSA_KEY_USAGE_SIGN_HASH,
- psa_alg2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
- goto exit;
+ ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
+ usage, psa_alg2 );
+ if( ret != 0 )
+ {
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 770f87f..c144b05 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -151,6 +151,7 @@
#define DFL_USE_SRTP 0
#define DFL_SRTP_FORCE_PROFILE 0
#define DFL_SRTP_SUPPORT_MKI 0
+#define DFL_KEY_OPAQUE_ALG "none"
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -455,6 +456,17 @@
#define USAGE_SERIALIZATION ""
#endif
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
@@ -519,6 +531,7 @@
USAGE_ETM \
USAGE_CURVES \
USAGE_SIG_ALGS \
+ USAGE_KEY_OPAQUE_ALGS \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -638,7 +651,7 @@
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
- int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
+ int dtls_mtu; /* UDP Maximum transport unit for DTLS */
int dgram_packing; /* allow/forbid datagram packing */
int badmac_limit; /* Limit of records with bad MAC */
int eap_tls; /* derive EAP-TLS keying material? */
@@ -659,6 +672,10 @@
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
int support_mki; /* The dtls mki mki support */
+ const char *key1_opaque_alg1; /* Allowed opaque key 1 alg 1 */
+ const char *key1_opaque_alg2; /* Allowed Opaque key 1 alg 2 */
+ const char *key2_opaque_alg1; /* Allowed opaque key 2 alg 1 */
+ const char *key2_opaque_alg2; /* Allowed Opaque key 2 alg 2 */
} opt;
#include "ssl_test_common_source.c"
@@ -679,7 +696,7 @@
}
/*
- * Used by sni_parse and psk_parse to handle coma-separated lists
+ * Used by sni_parse and psk_parse to handle comma-separated lists
*/
#define GET_ITEM( dst ) \
do \
@@ -1615,6 +1632,10 @@
opt.use_srtp = DFL_USE_SRTP;
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.support_mki = DFL_SRTP_SUPPORT_MKI;
+ opt.key1_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key1_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
+ opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
for( i = 1; i < argc; i++ )
{
@@ -2088,6 +2109,18 @@
{
opt.support_mki = atoi( q );
}
+ else if( strcmp( p, "key_opaque_algs" ) == 0 )
+ {
+ if( key_opaque_alg_parse( q, &opt.key1_opaque_alg1,
+ &opt.key1_opaque_alg2 ) != 0 )
+ goto usage;
+ }
+ else if( strcmp( p, "key_opaque_algs2" ) == 0 )
+ {
+ if( key_opaque_alg_parse( q, &opt.key2_opaque_alg1,
+ &opt.key2_opaque_alg2 ) != 0 )
+ goto usage;
+ }
else
goto usage;
}
@@ -2564,59 +2597,44 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- psa_algorithm_t psa_alg, psa_alg2;
- psa_key_usage_t psa_usage;
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
+ psa_key_usage_t psa_usage = 0;
- if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
+ if( key_opaque_set_alg_usage( opt.key1_opaque_alg1,
+ opt.key1_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type( &pkey ) ) == 0 )
{
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_ECDH;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
- }
- else
- {
- psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_NONE;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH;
- }
+ ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
+ psa_alg, psa_usage, psa_alg2 );
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
+ if( ret != 0 )
{
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
- if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA )
- {
- if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
- {
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_ECDH;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
- }
- else
- {
- psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_NONE;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH;
- }
+ psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE;
+ psa_usage = 0;
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
+ if( key_opaque_set_alg_usage( opt.key2_opaque_alg1,
+ opt.key2_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type( &pkey2 ) ) == 0 )
+ {
+ ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
+ psa_alg, psa_usage, psa_alg2 );
+
+ if( ret != 0 )
{
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index a28a477..a7f3d0e 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -193,6 +193,103 @@
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
+int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 )
+{
+ char* separator;
+ if( ( separator = strchr( arg, ',' ) ) == NULL )
+ return 1;
+ *separator = '\0';
+
+ *alg1 = arg;
+ *alg2 = separator + 1;
+
+ if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
+ strcmp( *alg1, "rsa-decrypt" ) != 0 &&
+ strcmp( *alg1, "ecdsa-sign" ) != 0 &&
+ strcmp( *alg1, "ecdh" ) != 0 )
+ return 1;
+
+ if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
+ strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
+ strcmp( *alg2, "rsa-decrypt" ) != 0 &&
+ strcmp( *alg2, "ecdsa-sign" ) != 0 &&
+ strcmp( *alg2, "ecdh" ) != 0 &&
+ strcmp( *alg2, "none" ) != 0 )
+ return 1;
+
+ return 0;
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
+ psa_algorithm_t *psa_alg1,
+ psa_algorithm_t *psa_alg2,
+ psa_key_usage_t *usage,
+ mbedtls_pk_type_t key_type )
+{
+ if( strcmp( alg1, "none" ) != 0 )
+ {
+ const char * algs[] = { alg1, alg2 };
+ psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
+
+ for ( int i = 0; i < 2; i++ )
+ {
+ if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
+ *usage |= PSA_KEY_USAGE_DECRYPT;
+ }
+ else if( strcmp( algs[i], "ecdsa-sign" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "ecdh" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_ECDH;
+ *usage |= PSA_KEY_USAGE_DERIVE;
+ }
+ else if( strcmp( algs[i], "none" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_NONE;
+ }
+ }
+ }
+ else
+ {
+ if( key_type == MBEDTLS_PK_ECKEY )
+ {
+ *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ *psa_alg2 = PSA_ALG_ECDH;
+ *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ }
+ else if( key_type == MBEDTLS_PK_RSA )
+ {
+ *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
+ *usage = PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else
+ {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates )
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index a359b3f..48da1bf 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -221,6 +221,48 @@
*/
int rng_get( void *p_rng, unsigned char *output, size_t output_len );
+/** Parse command-line option: key_opaque_algs
+ *
+ *
+ * \param arg String value of key_opaque_algs
+ * Coma-separated pair of values among the following:
+ * - "rsa-sign-pkcs1"
+ * - "rsa-sign-pss"
+ * - "rsa-decrypt"
+ * - "ecdsa-sign"
+ * - "ecdh"
+ * - "none" (only acceptable for the second value).
+ * \param alg1 Address of pointer to alg #1
+ * \param alg2 Address of pointer to alg #2
+ *
+ * \return \c 0 on success.
+ * \return \c 1 on parse failure.
+ */
+int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/** Parse given opaque key algoritms to obtain psa algs and usage
+ * that will be passed to mbedtls_pk_wrap_as_opaque().
+ *
+ *
+ * \param alg1 input string opaque key algorithm #1
+ * \param alg2 input string opaque key algorithm #2
+ * \param psa_alg1 output PSA algorithm #1
+ * \param psa_alg2 output PSA algorithm #2
+ * \param usage output key usage
+ * \param key_type key type used to set default psa algorithm/usage
+ * when alg1 in "none"
+ *
+ * \return \c 0 on success.
+ * \return \c 1 on parse failure.
+ */
+int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
+ psa_algorithm_t *psa_alg1,
+ psa_algorithm_t *psa_alg2,
+ psa_key_usage_t *usage,
+ mbedtls_pk_type_t key_type );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* The test implementation of the PSA external RNG is insecure. When
* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
@@ -236,7 +278,7 @@
/*
* Test recv/send functions that make sure each try returns
- * WANT_READ/WANT_WRITE at least once before sucesseding
+ * WANT_READ/WANT_WRITE at least once before succeeding
*/
int delayed_recv( void *ctx, unsigned char *buf, size_t len );
int delayed_send( void *ctx, const unsigned char *buf, size_t len );
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index b88c381..a6d83e7 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -179,7 +179,7 @@
*
* This computes the maximum length of a title +3, because we appends "/s" and
* want at least one space. (If the value is too small, the only consequence
- * is poor alignement.) */
+ * is poor alignment.) */
#define TITLE_SPACE 17
#define MEMORY_MEASURE_INIT \
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index fadcd38..fd71e18 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -1,5 +1,5 @@
/*
- * UDP proxy: emulate an unreliable UDP connexion for DTLS testing
+ * UDP proxy: emulate an unreliable UDP connection for DTLS testing
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index a44099d..d6e5561 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -63,7 +63,7 @@
if( argc != 2 )
{
- mbedtls_printf( "This program takes exactly 1 agument\n" );
+ mbedtls_printf( "This program takes exactly 1 argument\n" );
usage();
mbedtls_exit( exit_code );
}
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
index 85393d0..0ef438d 100755
--- a/scripts/code_size_compare.py
+++ b/scripts/code_size_compare.py
@@ -37,7 +37,7 @@
"""
old_revision: revision to compare against
new_revision:
- result_dir: directory for comparision result
+ result_dir: directory for comparison result
"""
self.repo_path = "."
self.result_dir = os.path.abspath(result_dir)
@@ -140,7 +140,7 @@
+ "-" + self.new_rev + ".csv"), "w")
res_file.write("file_name, this_size, old_size, change, change %\n")
- print("Generating comparision results.")
+ print("Generating comparison results.")
old_ds = {}
for line in old_file.readlines()[1:]:
@@ -199,7 +199,7 @@
parser.add_argument(
"-n", "--new-rev", type=str, default=None,
help="new revision for comparison, default is the current work \
- directory, including uncommited changes."
+ directory, including uncommitted changes."
)
comp_args = parser.parse_args()
diff --git a/scripts/config.py b/scripts/config.py
index c09212b..356b998 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -418,7 +418,7 @@
value = setting.value
if value is None:
value = ''
- # Normally the whitespace to separte the symbol name from the
+ # Normally the whitespace to separate the symbol name from the
# value is part of middle, and there's no whitespace for a symbol
# with no value. But if a symbol has been changed from having a
# value to not having one, the whitespace is wrong, so fix it.
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
index 42331ac..71b881e 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/scripts/generate_driver_wrappers.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python3
"""Generate library/psa_crypto_driver_wrappers.c
- This module is invoked by the build sripts to auto generate the
+ This module is invoked by the build scripts to auto generate the
psa_crypto_driver_wrappers.c based on template files in
script/data_files/driver_templates/.
"""
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index 42e4fc8..959cbbc 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -53,7 +53,7 @@
"""
Simple preprocessor for C source code.
- Only processses condition directives without expanding them.
+ Only processes condition directives without expanding them.
Yield object according to the classes input. Most match firstly
If the directive pair does not match , raise CondDirectiveNotMatch.
@@ -234,6 +234,7 @@
prototype=self._prototype)
return body
+
class SignatureAlgorithmDefinition:
"""
Generate helper functions for signature algorithms.
@@ -267,6 +268,7 @@
def span(self):
return self._definitions[0].span()
+
def __str__(self):
"""
Generate function for translating value to string
@@ -277,7 +279,7 @@
translation_table.append(
'\tcase {}:\n\t return "{}";'.format(name,
name[len('MBEDTLS_TLS1_3_SIG_'):].lower())
- )
+ )
body = textwrap.dedent('''\
const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
@@ -287,11 +289,70 @@
{translation_table}
}};
+ return "UNKNOWN";
+ }}''')
+ body = body.format(translation_table='\n'.join(translation_table))
+ return body
+
+
+class NamedGroupDefinition:
+ """
+ Generate helper functions for named group
+
+ It generates translation function from named group define to string.
+ Named group definition looks like:
+ #define MBEDTLS_SSL_IANA_TLS_GROUP_[ upper case named group ] [ value(hex) ]
+
+ Known limitation:
+ - the definitions SHOULD exist in same macro blocks.
+ """
+
+ @classmethod
+ def extract(cls, source_code, start=0, end=-1):
+ named_group_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_SSL_IANA_TLS_GROUP_\w+)\s+' +
+ r'(?P<value>0[xX][0-9a-fA-F]+)$',
+ re.MULTILINE | re.DOTALL)
+ matches = list(named_group_pattern.finditer(source_code, start, end))
+ if matches:
+ yield NamedGroupDefinition(source_code, definitions=matches)
+
+ def __init__(self, source_code, definitions=None):
+ if definitions is None:
+ definitions = []
+ assert isinstance(definitions, list) and definitions
+ self._definitions = definitions
+ self._source = source_code
+
+ def __repr__(self):
+ return 'NamedGroup({})'.format(self._definitions[0].span())
+
+ def span(self):
+ return self._definitions[0].span()
+
+ def __str__(self):
+ """
+ Generate function for translating value to string
+ """
+ translation_table = []
+ for m in self._definitions:
+ name = m.groupdict()['name']
+ iana_name = name[len('MBEDTLS_SSL_IANA_TLS_GROUP_'):].lower()
+ translation_table.append('\tcase {}:\n\t return "{}";'.format(name, iana_name))
+
+ body = textwrap.dedent('''\
+ const char *mbedtls_ssl_named_group_to_str( uint16_t in )
+ {{
+ switch( in )
+ {{
+ {translation_table}
+ }};
+
return "UNKOWN";
}}''')
body = body.format(translation_table='\n'.join(translation_table))
return body
+
OUTPUT_C_TEMPLATE = '''\
/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
@@ -335,14 +396,16 @@
"""
Generate functions of debug helps
"""
- mbedtls_root = os.path.abspath(mbedtls_root or build_tree.guess_mbedtls_root())
+ mbedtls_root = os.path.abspath(
+ mbedtls_root or build_tree.guess_mbedtls_root())
with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f:
source_code = remove_c_comments(f.read())
definitions = dict()
for start, instance in preprocess_c_source_code(source_code,
EnumDefinition,
- SignatureAlgorithmDefinition):
+ SignatureAlgorithmDefinition,
+ NamedGroupDefinition):
if start in definitions:
continue
if isinstance(instance, EnumDefinition):
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index d07241a..84c775f 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -89,8 +89,8 @@
_int-ca.crt: S7 + I1
_int-ca_ca2.crt: S7 + I1 + 2
_all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM)
- _pem_space.crt: S7 with misplace space (invalid PEM) + I1
- _trailing_space.crt: S7 + I1 both with trainling space (valid PEM)
+ _pem_space.crt: S7 with misplaced space (invalid PEM) + I1
+ _trailing_space.crt: S7 + I1 both with trailing space (valid PEM)
_spurious_int-ca.crt: S7 + I2(spurious) + I1
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
diff --git a/tests/data_files/base64/def_b64_too_big_1.txt b/tests/data_files/base64/def_b64_too_big_1.txt
index 0fe8a18..47be05c 100644
--- a/tests/data_files/base64/def_b64_too_big_1.txt
+++ b/tests/data_files/base64/def_b64_too_big_1.txt
@@ -1,2 +1,2 @@
-// Context with added '1234' at the begining to simulate too much data in the base64 code
+// Context with added '1234' at the beginning to simulate too much data in the base64 code
1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e5cd65..29a6201 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -259,7 +259,7 @@
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default).
- --no-quiet Print full ouput from components.
+ --no-quiet Print full output from components.
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
--outcome-file=<path> File where test outcomes are written (not done if
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
@@ -1203,6 +1203,30 @@
tests/ssl-opt.sh -f 'Default\|opaque'
}
+component_test_crypto_full_no_md () {
+ msg "build: crypto_full minus MD"
+ scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_MD_C
+ # Direct dependencies
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ scripts/config.py unset MBEDTLS_HKDF_C
+ scripts/config.py unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.py unset MBEDTLS_PK_C
+ scripts/config.py unset MBEDTLS_PKCS1_V15
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ # Indirect dependencies
+ scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
+ scripts/config.py unset MBEDTLS_PK_PARSE_C
+ scripts/config.py unset MBEDTLS_PK_WRITE_C
+ scripts/config.py unset MBEDTLS_RSA_C
+ make
+
+ msg "test: crypto_full minus MD"
+ make test
+}
+
component_test_psa_external_rng_use_psa_crypto () {
msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
scripts/config.py full
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index 8857e00..a0f5e1f 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -187,7 +187,7 @@
# Allow either /bin/sh, /bin/bash, or /usr/bin/env.
# Allow at most one argument (this is a Linux limitation).
# For sh and bash, the argument if present must be options.
- # For env, the argument must be the base name of the interpeter.
+ # For env, the argument must be the base name of the interpreter.
_shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?'
rb'|/usr/bin/env ([^\n /]+))$')
_extensions = {
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 8bb4923..96117a2 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -813,7 +813,7 @@
def check_for_typos(self):
"""
- Perform a check that all words in the soure code beginning with MBED are
+ Perform a check that all words in the source code beginning with MBED are
either defined as macros, or as enum constants.
Assumes parse_names_in_source() was called before this.
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index cd17066..68297a6 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -46,12 +46,12 @@
# as many SSL options depend on specific hashes,
# and SSL is not in the test suites anyways,
-# disable it to avoid dependcies issues
+# disable it to avoid dependency issues
my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
# Each element of this array holds list of configuration options that
-# should be tested together. Certain options depend on eachother and
+# should be tested together. Certain options depend on each other and
# separating them would generate invalid configurations.
my @hash_configs = (
['unset MBEDTLS_MD5_C'],
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 492810b..3d23edd 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -165,6 +165,7 @@
ALWAYS_SUPPORTED = frozenset([
'PSA_KEY_TYPE_DERIVE',
'PSA_KEY_TYPE_RAW_DATA',
+ 'PSA_KEY_TYPE_HMAC'
])
def test_cases_for_key_type_not_supported(
self,
@@ -830,7 +831,7 @@
def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
# pylint: disable=too-many-locals
"""Match possible key types for sign algorithms."""
- # To create a valid combinaton both the algorithms and key types
+ # To create a valid combination both the algorithms and key types
# must be filtered. Pair them with keywords created from its names.
incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
@@ -854,7 +855,7 @@
if re.match(pattern, keyword):
alg_keywords.remove(keyword)
alg_keywords.add(replace)
- # Filter out incompatible algortihms
+ # Filter out incompatible algorithms
if not alg_keywords.isdisjoint(incompatible_alg_keyword):
continue
@@ -862,7 +863,7 @@
# Generate keywords from the of the key type
key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
- # Remove ambigious keywords
+ # Remove ambiguous keywords
for keyword1, keyword2 in exclusive_keywords.items():
if keyword1 in key_type_keywords:
key_type_keywords.remove(keyword2)
@@ -879,7 +880,7 @@
"""Generate test keys for usage flag extensions."""
# Generate a key type and algorithm pair for each extendable usage
# flag to generate a valid key for exercising. The key is generated
- # without usage extension to check the extension compatiblity.
+ # without usage extension to check the extension compatibility.
alg_with_keys = self.gather_key_types_for_sign_alg()
for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
@@ -922,7 +923,7 @@
filename = self.filename_for(basename)
test_case.write_data_file(filename, test_cases)
- # Note that targets whose name containns 'test_format' have their content
+ # Note that targets whose names contain 'test_format' have their content
# validated by `abi_check.py`.
TARGETS = {
'test_suite_psa_crypto_generate_key.generated':
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index e4b2d94..2a7dba5 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -4,7 +4,7 @@
# (Multiple recursion where a() calls b() which calls a() not covered.)
#
# When the recursion depth might depend on data controlled by the attacker in
-# an unbounded way, those functions should use interation instead.
+# an unbounded way, those functions should use iteration instead.
#
# Typical usage: scripts/recursion.pl library/*.c
#
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 3e7a9a6..55529c8 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,5 +1,5 @@
#!/usr/bin/env python3
-"""Run the PSA Cryto API compliance test suite.
+"""Run the PSA Crypto API compliance test suite.
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 9576afd..d1650f1 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -221,7 +221,7 @@
sizeof( decrypted ) - part_length,
&part_length );
/* For a stream cipher, all inputs are valid. For a block cipher,
- * if the input is some aribtrary data rather than an actual
+ * if the input is some arbitrary data rather than an actual
ciphertext, a padding error is likely. */
if( maybe_invalid_padding )
TEST_ASSERT( status == PSA_SUCCESS ||
@@ -929,7 +929,7 @@
return( 0 );
if( alg == 0 )
- ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
+ ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
else if( PSA_ALG_IS_MAC( alg ) )
ok = exercise_mac_key( key, usage, alg );
else if( PSA_ALG_IS_CIPHER( alg ) )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 07ad1b3..fc49b06 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4580,7 +4580,7 @@
-C "error" \
-s "Extra-header:"
-# Test for the "secure renegotation" extension only (no actual renegotiation)
+# Test for the "secure renegotiation" extension only (no actual renegotiation)
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -5317,7 +5317,7 @@
-s "use CA callback for X.509 CRT verification" \
-S "X509 - A fatal error occurred"
-# Tests for certificate selection based on SHA verson
+# Tests for certificate selection based on SHA version
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
@@ -6399,8 +6399,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6414,8 +6412,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6429,8 +6425,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6444,8 +6438,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6459,8 +6451,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6474,8 +6464,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6489,8 +6477,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6504,8 +6490,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6519,8 +6503,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6534,8 +6516,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6549,8 +6529,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6564,8 +6542,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6579,8 +6555,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6594,8 +6568,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6609,8 +6581,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6624,8 +6594,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6639,8 +6607,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6654,8 +6620,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6672,8 +6636,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6688,8 +6650,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6701,8 +6661,6 @@
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6716,8 +6674,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6734,8 +6690,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6750,8 +6704,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6763,8 +6715,6 @@
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6778,8 +6728,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6796,8 +6744,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6812,8 +6758,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6825,8 +6769,6 @@
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6840,8 +6782,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6858,8 +6798,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6874,8 +6812,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6887,8 +6823,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6902,8 +6836,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6920,8 +6852,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6936,8 +6866,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6949,8 +6877,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6964,8 +6890,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6982,8 +6906,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6998,8 +6920,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7011,8 +6931,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7026,8 +6944,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7044,8 +6960,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7060,8 +6974,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7073,8 +6985,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7088,8 +6998,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7106,8 +7014,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7122,8 +7028,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7135,8 +7039,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7150,8 +7052,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7165,7 +7065,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7179,7 +7078,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -9170,7 +9068,7 @@
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
-# certifiate validation fail, but passing --insecure makes
+# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
@@ -10941,7 +10839,7 @@
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
- -C "unkown pk type"
+ -C "unknown pk type"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10959,7 +10857,7 @@
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
- -C "unkown pk type"
+ -C "unknown pk type"
# Test using an opaque private key for client authentication
requires_openssl_tls1_3
@@ -11312,6 +11210,24 @@
-s "=> parse client hello" \
-s "<= parse client hello"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_openssl_tls1_3
+run_test "TLS 1.3: Server side check - openssl with client authentication" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "=> write certificate request" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -11329,6 +11245,25 @@
-s "=> parse client hello" \
-s "<= parse client hello"
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+run_test "TLS 1.3: Server side check - gnutls with client authentication" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "=> write certificate request" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -11341,11 +11276,48 @@
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -s "=> write certificate request" \
-c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
-s "SSL - The requested feature is not available" \
-s "=> parse client hello" \
-s "<= parse client hello"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
+ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> parse client hello" \
+ -s "<= parse client hello"
+
+
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+run_test "TLS 1.3: server: HRR check - mbedtls" \
+ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \
+ "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "selected_group: secp384r1" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> write hello retry request" \
+ -s "<= write hello retry request"
+
for i in opt-testcases/*.sh
do
TEST_SUITE_NAME=${i##*/}
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 17926eb..b9ea3d6 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -519,7 +519,7 @@
FILE *file;
char buf[5000];
char *params[50];
- /* Store for proccessed integer params. */
+ /* Store for processed integer params. */
int32_t int_params[50];
void *pointer;
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 0426324..ad7c773 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/aria.h"
-/* Maxium size of data used by test vectors
+/* Maximum size of data used by test vectors
* WARNING: to be adapted if and when adding larger test cases */
#define ARIA_MAX_DATASIZE 160
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 6893bcf..68db8fe 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -262,7 +262,7 @@
rnd_info_B.buf = dB->x;
rnd_info_B.length = dB->len;
- /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
+ /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure
* in every configuration, therefore we load it separately. */
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data
index fe14f88..73808c9 100644
--- a/tests/suites/test_suite_ecjpake.data
+++ b/tests/suites/test_suite_ecjpake.data
@@ -49,7 +49,7 @@
ECJPAKE round one: KKP1: no second point data
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-ECJPAKE round one: KKP1: unknow second point format
+ECJPAKE round one: KKP1: unknown second point format
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECJPAKE round one: KKP1: nothing after second point
@@ -97,7 +97,7 @@
ECJPAKE round one: KKP2: no second point data
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-ECJPAKE round one: KKP2: unknow second point format
+ECJPAKE round one: KKP2: unknown second point format
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECJPAKE round one: KKP2: nothing after second point
@@ -190,7 +190,7 @@
ECJPAKE round two server: no data
read_round_two_srv:"":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-ECJPAKE round two server: length of forst point too small
+ECJPAKE round two server: length of first point too small
read_round_two_srv:"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round two server: length of first point too big
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 2deb92a..602afa4 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -21,7 +21,7 @@
/*
* Very minimal testing of mbedtls_md_process, just make sure the various
* xxx_process_wrap() function pointers are valid. (Testing that they
- * indeed do the right thing whould require messing with the internal
+ * indeed do the right thing would require messing with the internal
* state of the underlying mbedtls_md/sha context.)
*
* Also tests that mbedtls_md_list() only returns valid MDs.
diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function
index 513b723..08d48b3 100644
--- a/tests/suites/test_suite_net.function
+++ b/tests/suites/test_suite_net.function
@@ -28,7 +28,7 @@
* On success, it refers to the opened file (\p wanted_fd).
* \param wanted_fd The desired file descriptor.
*
- * \return \c 0 on succes, a negative error code on error.
+ * \return \c 0 on success, a negative error code on error.
*/
static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd )
{
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 5c56ef4..a255530 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -82,7 +82,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
void oid_get_md_alg_id( data_t *oid, int exp_md_id )
{
mbedtls_asn1_buf md_oid = { 0, 0, NULL };
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index a0844ea..f17711d 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -153,6 +153,14 @@
depends_on:MBEDTLS_PKCS1_V15
pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
+RSA Opaque decrypt test vector #1
+depends_on:MBEDTLS_PKCS1_V15
+pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0
+
+RSA Opaque decrypt test vector #2
+depends_on:MBEDTLS_PKCS1_V15
+pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
+
EC nocrypt
depends_on:MBEDTLS_ECP_C
pk_ec_nocrypt:MBEDTLS_PK_ECKEY
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 32c2644..7587d6c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -168,12 +168,12 @@
if( key_is_rsa )
{
- bitlen = 1024; /* harcoded in genkey() */
+ bitlen = 1024; /* hardcoded in genkey() */
key = pk_psa_genkey_rsa();
}
else
{
- bitlen = 256; /* harcoded in genkey() */
+ bitlen = 256; /* hardcoded in genkey() */
key = pk_psa_genkey_ecc();
}
if( mbedtls_svc_key_id_is_null( key ) )
@@ -204,10 +204,13 @@
TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
b1, sizeof( b1), b2, sizeof( b2 ) )
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
- TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
- b2, &len, sizeof( b2 ),
- NULL, NULL )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if( key_is_rsa == 0 )
+ {
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
+ b2, &len, sizeof( b2 ),
+ NULL, NULL )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ }
TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ),
b2, &len, sizeof( b2 ),
NULL, NULL )
@@ -916,6 +919,72 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */
+void pk_wrap_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, data_t * clear, int ret )
+{
+ unsigned char output[256];
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ mbedtls_mpi N, P, Q, E;
+ mbedtls_rsa_context *rsa;
+ mbedtls_pk_context pk;
+ mbedtls_svc_key_id_t key_id;
+ size_t olen;
+
+ USE_PSA_INIT( );
+
+ mbedtls_pk_init( &pk );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+
+ /* init pk-rsa context */
+ TEST_EQUAL( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ), 0 );
+ rsa = mbedtls_pk_rsa( pk );
+
+ /* load public key */
+ TEST_EQUAL( mbedtls_test_read_mpi( &N, radix_N, input_N ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &E, radix_E, input_E ), 0 );
+
+ /* load private key */
+ TEST_EQUAL( mbedtls_test_read_mpi( &P, radix_P, input_P ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ), 0 );
+ TEST_EQUAL( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ), 0 );
+ TEST_EQUAL( mbedtls_rsa_get_len( rsa ), (size_t) ( mod / 8 ) );
+ TEST_EQUAL( mbedtls_rsa_complete( rsa ), 0 );
+
+ /* Turn PK context into an opaque one. */
+ TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &pk, &key_id,
+ PSA_ALG_RSA_PKCS1V15_CRYPT,
+ PSA_KEY_USAGE_DECRYPT,
+ PSA_ALG_NONE ), 0 );
+
+ /* decryption test */
+ memset( output, 0, sizeof( output ) );
+ olen = 0;
+ TEST_EQUAL( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
+ output, &olen, sizeof( output ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ), ret );
+ if( ret == 0 )
+ {
+ TEST_EQUAL( olen, clear->len );
+ TEST_EQUAL( memcmp( output, clear->x, olen ), 0 );
+ }
+
+ TEST_EQUAL( PSA_SUCCESS, psa_destroy_key( key_id ) );
+
+exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
+ mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void pk_ec_nocrypt( int type )
{
@@ -1011,7 +1080,7 @@
memset( ciph, 0, sizeof ciph );
memset( test, 0, sizeof test );
- /* Initiliaze PK RSA context with random key */
+ /* Initialize PK RSA context with random key */
TEST_ASSERT( mbedtls_pk_setup( &rsa,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 14343aa..513e7a6 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2259,7 +2259,7 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
-PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)
+PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes)
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6cd6bee..8dd8e39 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -834,7 +834,7 @@
size_t n;
/* Skip the test case if the target running the test cannot
- * accomodate large keys due to heap size constraints */
+ * accommodate large keys due to heap size constraints */
ASSERT_ALLOC_WEAK( buffer, buffer_size );
memset( buffer, 'K', byte_size );
@@ -1198,7 +1198,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_key_attributes_t func = psa_key_attributes_init( );
psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t zero;
@@ -1989,7 +1989,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_hash_operation_t func = psa_hash_operation_init( );
psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
psa_hash_operation_t zero;
@@ -2518,7 +2518,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_mac_operation_t func = psa_mac_operation_init( );
psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
psa_mac_operation_t zero;
@@ -2941,7 +2941,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_cipher_operation_t func = psa_cipher_operation_init( );
psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
psa_cipher_operation_t zero;
@@ -5964,7 +5964,7 @@
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
- /* Allocate a buffer which has the size advertized by the
+ /* Allocate a buffer which has the size advertised by the
* library. */
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
@@ -6063,7 +6063,7 @@
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
- /* Allocate a buffer which has the size advertized by the
+ /* Allocate a buffer which has the size advertised by the
* library. */
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
@@ -6697,7 +6697,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
size_t capacity;
psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -7617,7 +7617,7 @@
NULL, 0 ) );
}
- /* Test the advertized capacity. */
+ /* Test the advertised capacity. */
PSA_ASSERT( psa_key_derivation_get_capacity(
&operation, &actual_capacity ) );
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index a5ea840..128352b 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -995,7 +995,7 @@
/*
* Test encrypt failure
* First test that if we don't force a driver error, encryption is
- * successfull, then force driver error.
+ * successful, then force driver error.
*/
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data
index 49d3f69..322363d 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.data
+++ b/tests/suites/test_suite_psa_crypto_entropy.data
@@ -7,7 +7,7 @@
# randomization for (e.g.) blinding. An external implementation could use
# its own randomness source which is not affected by the forced failure of
# the RNG driver.
-# Key types and non-randomized auxilary algorithms (in practice, hashes) can
+# Key types and non-randomized auxiliary algorithms (in practice, hashes) can
# use an external implementation.
PSA external RNG failure: randomized ECDSA
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 79d658f..9f68491 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -170,6 +170,7 @@
}
/* Null import: do nothing, but pretend it worked. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static psa_status_t null_import( psa_drv_se_context_t *context,
psa_key_slot_number_t slot_number,
const psa_key_attributes_t *attributes,
@@ -186,8 +187,10 @@
*bits = PSA_BYTES_TO_BITS( data_length );
return( PSA_SUCCESS );
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
/* Null generate: do nothing, but pretend it worked. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static psa_status_t null_generate( psa_drv_se_context_t *context,
psa_key_slot_number_t slot_number,
const psa_key_attributes_t *attributes,
@@ -208,6 +211,7 @@
return( PSA_SUCCESS );
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
/* Null destroy: do nothing, but pretend it worked. */
static psa_status_t null_destroy( psa_drv_se_context_t *context,
@@ -635,6 +639,7 @@
/* Check that a function's return status is "smoke-free", i.e. that
* it's an acceptable error code when calling an API function that operates
* on a key with potentially bogus parameters. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static int is_status_smoke_free( psa_status_t status )
{
switch( status )
@@ -651,6 +656,8 @@
return( 0 );
}
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+
#define SMOKE_ASSERT( expr ) \
TEST_ASSERT( is_status_smoke_free( expr ) )
@@ -658,6 +665,7 @@
* mostly bogus parameters: the goal is to ensure that there is no memory
* corruption or crash. This test function is most useful when run under
* an environment with sanity checks such as ASan or MSan. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static int smoke_test_key( mbedtls_svc_key_id_t key )
{
int ok = 0;
@@ -766,6 +774,7 @@
return( ok );
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
static void psa_purge_storage( void )
{
@@ -1073,7 +1082,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:AT_LEAST_ONE_BUILTIN_KDF */
void import_key_smoke( int type_arg, int alg_arg,
data_t *key_material )
{
@@ -1186,7 +1195,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:AT_LEAST_ONE_BUILTIN_KDF */
void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
{
psa_key_type_t type = type_arg;
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index aa3ce28..d577663 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -325,7 +325,7 @@
case INVALIDATE_BY_DESTROYING:
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
/*
- * Test that the key handle and identifier are now not refering to an
+ * Test that the key handle and identifier are now not referring to an
* existing key.
*/
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 848a497..274f0de 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -10,7 +10,7 @@
Attempt to register multiple PSKs, incl. opaque PSK, #2
test_multiple_psks_opaque:2
-Test calback buffer sanity
+Test callback buffer sanity
test_callback_buffer_sanity:
Callback buffer test: Exercise simple write/read
@@ -624,7 +624,7 @@
SSL DTLS replay: delayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
-SSL DTLS replay: lastest replayed
+SSL DTLS replay: last replayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
SSL DTLS replay: older replayed
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index e42f8ba..2685e6a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2229,7 +2229,7 @@
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
- * perform simultaneous communication betwen client and server so this
+ * perform simultaneous communication between client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
@@ -2321,7 +2321,7 @@
TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
/* Make sure calling put and get on a buffer that hasn't been set up results
- * in eror. */
+ * in error. */
mbedtls_test_buffer_init( &buf );
TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
@@ -5310,6 +5310,7 @@
mbedtls_ssl_config conf;
+ USE_PSA_INIT( );
mbedtls_ssl_config_init( &conf );
TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
@@ -5323,6 +5324,8 @@
exit:
mbedtls_ssl_config_free( &conf );
+
+ USE_PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 0ce4a2e..da12382 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,4 +1,4 @@
-Check compiletime library version
+Check compile time library version
check_compiletime_version:"3.1.0"
Check runtime library version
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 33591d3..8605b63 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -87,7 +87,7 @@
return -1;
}
-
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates )
{
@@ -141,6 +141,7 @@
*candidates = first;
return( ret );
}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )