Commit graph

23559 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
6b9503a32d
Merge pull request #7064 from valeriosetti/issue6860
driver-only ECDSA: get testing parity in SSL
2023-02-14 09:31:07 +01:00
Ronald Cron
70341c17b7
Merge pull request #6773 from yanrayw/6675-change-early_secrets-to-local
TLS 1.3: Key Generation: Change tls13_early_secrets to local variable
2023-02-14 09:03:32 +01:00
Pengyu Lv
e19b51bc53 Improve readability
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-14 10:29:53 +08:00
Paul Elliott
1748de160a Fix IAR Warnings
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-13 15:35:35 +00:00
Gabor Mezei
a264831cff
Update documentation and add comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 16:29:05 +01:00
Andrzej Kurek
3e8f65a7e2 Add a changelog entry for URI SAN parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:21:20 -05:00
Andrzej Kurek
50836c4dfb Fix a comment in x509_crt.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:21:14 -05:00
Andrzej Kurek
4077372b98 Fix SHA requirement for SAN URI tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:18:17 -05:00
Andrzej Kurek
7a05fab716 Added the uniformResourceIdentifier subtype for the subjectAltName.
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:03:07 -05:00
Valerio Setti
1b08d421a7 test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
16f02e0196 test: adjust include after PK_CAN_ECDSA_SOME was moved
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
d928aeb9ac test_suite_ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
ed02bb1f95 test_suite_debug: replace ECDSA_C with new ECDSA macros
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
5dc6867f7e test: don't skip debug and ssl suites in test parity for driver only ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Gabor Mezei
5c9f401e47
Add more test cases
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:15:08 +01:00
Gabor Mezei
23d4b8baee
Add check for test
Check the bit length of the output of p192_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:13:33 +01:00
Gabor Mezei
a9d82dd0a2
Keep the description in one place, just refer it
Delete the duplicated file description and refer to the original one
in generate_bignum_tests.py.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:10:23 +01:00
Valerio Setti
178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Valerio Setti
a119cb64ef test: remove redundant ECDSA_C dependencies from test_suite_x509parse.data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 09:54:49 +01:00
Manuel Pégourié-Gonnard
daa65956c3
Merge pull request #7046 from mpg/cleanup-md-tests
Clean up MD tests
2023-02-13 09:51:28 +01:00
Janos Follath
1e4abae73e
Merge pull request #7048 from KloolK/record-size-limit/extend-test-framework
Extend test framework for Record Size Limit Extension
2023-02-13 08:17:12 +00:00
Gilles Peskine
a9d39c42e9
Merge pull request #7085 from sergio-nsk/patch-1
Fix unreachable code compiler warning in psa_crypto_driver_wrappers.c
2023-02-12 23:56:32 +01:00
Dave Rodgman
641288bc1e Restore test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 22:02:04 +00:00
Dave Rodgman
91e832168f Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 20:07:43 +00:00
Dave Rodgman
a476363042 Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8 Restore guards on a couple of tests
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 17:22:03 +00:00
Sergey
c36c14c7af
Update psa_crypto_driver_wrappers.c.jinja
Signed-off-by: Sergey <sergio_nsk@yahoo.de>
2023-02-10 14:14:00 -07:00
Dave Rodgman
ab1f3c153a
Merge pull request #7081 from tom-cosgrove-arm/dont-use-lstrlenW 2023-02-10 20:50:07 +00:00
Dave Rodgman
54647737f6 Add checks to selftest
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:16:17 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Dave Rodgman
37296a413a Document SIZE_MAX requirement in README.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 15:39:22 +00:00
Valerio Setti
78f79d323d ecp: add documentation for compressed points limitations
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 16:32:58 +01:00
Valerio Setti
25fd51f4af test: add missing include in test_suite_x509parse
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 15:21:40 +01:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
Make the fields of mbedtls_pk_rsassa_pss_options public
2023-02-10 15:08:06 +01:00
Gilles Peskine
3196ceb2fb
Merge pull request #7052 from yanrayw/7008-compatsh-disable-VERIFY-for-PSK
compat.sh: remove VERIFY and duplicate test cases for PSK
2023-02-10 15:07:27 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
Fix typos
2023-02-10 15:07:07 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Gilles Peskine
91af0f9c0e Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:36 +01:00
Gilles Peskine
ff674d4c6f Typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:17 +01:00
Dave Rodgman
f691268ee9 Add missing initialisers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
35598adb78 pkcs7: Check that hash algs are in digestAlgorithms
Since only a single hash algorithm is currenlty supported, this avoids
having to perform hashing more than once.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
6cfc469296 pkcs7: reject signatures with internal data
A CMS signature can have internal data, but mbedTLS does not support
verifying such signatures.  Reject them during parsing.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
e373a254c4 pkcs7: do not store content type OIDs
They will always be constant.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
55d9df25ef Simple cleanup
No change in behavior.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
4ec8355795 Check for junk after SignedData
There must not be any.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
aaf3c0028d pkcs7: do not store content type OID
Since only one content type (signed data) is supported, storing the
content type just wastes memory.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
512818b1d2 pkcs7: check that content lengths fill whole buffer
Otherwise invalid data could be accepted.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Tom Cosgrove
b96c309395 Don't use lstrlenW() on Windows
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).

Resolves #2994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-10 12:52:13 +00:00