mbedtls

Author	SHA1	Message	Date
Werner Lewis	745fcde406	Add reference to 2.x docs to migration guide Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-23 16:51:45 +01:00
Werner Lewis	3e5585b45d	Replace TEST_ASSERT macro uses Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-23 15:12:10 +01:00
Werner Lewis	ac80a66395	Reduce buffer sizes to expected size Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-23 15:11:50 +01:00
Przemek Stekiel	1b0ebdf363	Zeroize hkdf_label buffer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:22:49 +02:00
Przemek Stekiel	38ab400dc4	Adapt code to be consistent with the existing code - init status to error - use simple assignment to status - fix code style (spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:05:40 +02:00
XiaokangQian	c740345c5b	Adress review comments Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Gabor Mezei	96ec831385	Do not encrypt CCS records According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Gabor Mezei	7e2dbafe2d	Add test for dummy CCS records Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Gabor Mezei	7b39bf178e	Send dummy change_cipher_spec records from TLS 1.3 server Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Przemek Stekiel	b33bd19197	Enable HKDF EXTRACT/EXPAND algs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 09:58:51 +02:00
Przemek Stekiel	d5ae365b97	Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Przemek Stekiel	88e7101d03	Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Przemek Stekiel	0c9e74bd55	Remove mbedtls_psa_hkdf_expand() and mbedtls_psa_hkdf_extract() tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Gilles Peskine	76851ae3a6	Add warnings to test code and data about storage format stability Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 19:10:35 +02:00
Gilles Peskine	228d99b57e	Document how to interpret negative reports The abi_check script has common false positives. Document the intent of each family of checks and typical cases of false positives that can be overridden. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:51:44 +02:00
Gilles Peskine	6100d3c93c	Remove redundant sentence Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:51:18 +02:00
Gilles Peskine	4b873874a3	Backward compatibility: the key store with drivers Promise that we will try to keep backward compatibility with basic driver usage, but not with more experimental aspects. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:50:09 +02:00
Gilles Peskine	9956efaf32	Backward compatibility: the key store Promise that we will keep supporting existing key store formats, at least until a major version comes along. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:48:52 +02:00
Gilles Peskine	43e51fa88c	Backward compatibility: add a note about the configuration Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:48:06 +02:00
Gilles Peskine	98473c4523	Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C This was intended as experimental, and we've been saying for a long time that it's superseded by the "unified driver interface", but we hadn't documented that inside the Mbed TLS source code. So announce it as deprecated. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:46:22 +02:00
Gilles Peskine	7973399f7b	Add compatibility notes regarding values embedded in the key store Certain numerical values are written to the key store. Changing those numerical values would break the backward compatibility of stored keys. Add a note to the affected types. Add comments near the definitions of affected values. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:41:20 +02:00
Gilles Peskine	f070a5e5d5	Document how PSA identifiers are generally constructed Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:40:45 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Werner Lewis	12657cdcc6	Remove binary int use Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-20 11:57:35 +01:00
Werner Lewis	90c46c376b	Use consistent test case names Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-20 11:53:17 +01:00
Werner Lewis	2f1d51070c	Fix incorrect param in function declaration Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-20 11:48:35 +01:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Dave Rodgman	eb8570f174	Fix missing newline Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-06-17 14:59:36 +01:00
Dave Rodgman	5cab9dafb7	fix whitespace Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-06-17 13:48:29 +01:00
Dave Rodgman	57080461f7	Add test-case for checking curve order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-06-17 13:42:40 +01:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
Gilles Peskine	6194053feb	ASN.1: test that we can parse what we can write In asn1_write tests, when there's a parsing function corresponding to the write function, call it and check that it can parse what we wrote. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-15 21:17:25 +02:00
Gilles Peskine	b7e215f6bc	Fix copypasta in test data Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-15 21:16:42 +02:00
XiaokangQian	75fe8c7e54	Change place of ssl_tls13_check_ephemeral_key_exchange Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 09:42:45 +00:00
Ronald Cron	4ccd226cbf	Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases Tls13 add comprehensive cases	2022-06-15 09:18:11 +02:00
XiaokangQian	fb665a8452	Adress the comments about styles and pick_cert Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 03:57:21 +00:00
Przemek Stekiel	6c9fd61565	exercise_key_agreement_key: add special handling for HKDF_EXPAND Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 14:41:42 +02:00
Przemek Stekiel	d898745f70	exercise_key_agreement_key: provide SALT for HKDF_EXTRACT Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 11:41:52 +02:00
Przemek Stekiel	69c4679b22	Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 11:13:32 +02:00
XiaokangQian	3ed16231ab	Refine server side SNI test cases Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 08:24:04 +00:00
XiaokangQian	07aad0710c	Refine function name ssl_tls13_pick_key_cert Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 05:35:09 +00:00
XiaokangQian	81802f43a2	Select certificate base on the received signature list Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-13 03:58:06 +00:00
Jerry Yu	b7c12a466f	Refactor compat scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-12 20:53:02 +08:00
Gilles Peskine	2c2730a372	ASN.1 write tests: test with larger buffer Test with the output buffer size up to and including the expected output size plus one. `... < expected->len + 1` was evidently a mistake. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:15:44 +02:00
Gilles Peskine	321a08944b	Fix bug whereby 0 was written as 0200 rather than 020100 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:33 +02:00
Gilles Peskine	c9a30fba74	Add MPI write tests when the MPI object has a leading zero limb Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:07 +02:00
Gilles Peskine	0ab804a794	Fix mismatch between test data and test description Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:12:25 +02:00
Gilles Peskine	d8579b7673	Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no reason not to test that it's handled correctly. Fix copypasta in test data that was commented out. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:10:37 +02:00
XiaokangQian	9b938b7c37	Share code with base class in generate_tls13_compat_tests.py Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-10 07:06:32 +00:00

... 2 3 4 5 6 ...

20381 commits