mbedtls

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	1c91b0c434	Clarify warning about mbedtls_pk_ec/rsa() The previous wording "ensure it holds an XXX" context did not mean anything without looking at the source. Looking at the source, the criterion is: - for mbedtls_pk_rsa(), that the info structure uses rsa_alloc_wrap; - for mbedtls_pk_ec(), that it uses eckey_alloc_wrap or ecdsa_alloc_wrap, since mbedtls_ecdsa_context is a typedef for mbedtls_ecp_keypair. (Note that our test code uses mbedtls_pk_ec() on contexts of type MBEDTLS_PK_ECDSA.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	b64fb62ead	Fix unchecked return value from internal function Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	32a38dfec5	Add ChangeLog for potential overread with USE_PSA The issue was fixed while adding support for static ECDH with Opaque keys: https://github.com/Mbed-TLS/mbedtls/pull/5624 This is just adding the ChangeLog entry for that fix. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	e0469b5908	Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix Add a client hello cookie_len overflow test	2022-06-20 19:35:54 +02:00
Andrzej Kurek	755ddff25c	Fix print format in a debug message Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:32:02 -04:00
Andrzej Kurek	ca35f5bed0	test_suite_ssl: Use a zero fragment offset in a test with a too short record Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:19:40 -04:00
Andrzej Kurek	cbe14ec967	Improve variable extracting operations by using MBEDTLS_GET macros Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:17:28 -04:00
Ronald Cron	4ccd226cbf	Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases Tls13 add comprehensive cases	2022-06-15 09:18:11 +02:00
Jerry Yu	b7c12a466f	Refactor compat scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-12 20:53:02 +08:00
Andrzej Kurek	96d5439da5	Fix incorrect changelog entry Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-10 04:26:08 -04:00
XiaokangQian	9b938b7c37	Share code with base class in generate_tls13_compat_tests.py Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-10 07:06:32 +00:00
XiaokangQian	fb1a3fe7f3	Address comments about python syntax CustomizedGitHooks: yes Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-10 02:27:52 +00:00
XiaokangQian	b1847a234e	Re-structure to share more common code Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-09 02:53:23 +00:00
Andrzej Kurek	ed4d217874	Add missing test dependencies for cookie parsing Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:57:57 -04:00
Andrzej Kurek	b58cf0d172	Split a debug message into two - for clarity Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:53:59 -04:00
Andrzej Kurek	078e9bcda6	Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:47:33 -04:00
Paul Elliott	271c3052fb	Merge pull request #5892 from AndrzejKurek/ssl-opt-client-kill-fix Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell	2022-06-08 14:27:01 +01:00
Dave Rodgman	11930699f1	Merge pull request #5827 from wernerlewis/time_utc Use ASN1 UTC tags for dates before 2000	2022-06-08 13:54:19 +01:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard	3a833271aa	Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA Feature psec-3207 move TLS13 hashing and hmac to psa	2022-06-08 11:53:35 +02:00
pespacek	d9aaf768b5	Fixing CI complains. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-08 09:44:11 +02:00
Ronald Cron	5313f034b4	Add change log Add change log for the bug fixed in "fix move state to handshake over fail" commit Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-08 09:26:03 +02:00
pespacek	b06acd734b	Fixing PSA return status Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 13:07:21 +02:00
Ronald Cron	00e5eaad62	test: ssl: Remove more TLS 1.2 dependencies in handshake state tests That way the concerned tests are also run in the TLS 1.3 only configuration where a TLS 1.3 handshake is performed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 11:14:01 +02:00
Ronald Cron	bdddaef9bb	test: ssl: Enable client authentication in handshake state tests The endpoint initialization function was setting up a certificate but the client certificate was not used because client authentication was not enabled (not enabled in the default SSL server configuration). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 11:13:49 +02:00
Ronald Cron	209cae9c42	tls13: server: Fix state update in CLIENT_CERTIFICATE The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 10:58:22 +02:00
pespacek	670913f4dc	Fixing return value for ssl_tls13_write_certificate_body() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 10:53:39 +02:00
Dave Rodgman	4b55a89327	Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor Add accessor for x509 certificate extension types	2022-06-06 21:51:38 +01:00
Andrzej Kurek	e6487ab490	Add a changelog entry for the cookie parsing bounds bug Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:31:08 -04:00
Andrzej Kurek	cfb01948c8	Add cookie parsing tests to test_suite_ssl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:29:15 -04:00
Andrzej Kurek	c8183cc492	Add missing sid_len in calculations of cookie sizes This could lead to a potential buffer overread with small MBEDTLS_SSL_IN_CONTENT_LEN. Change the bound calculations so that it is apparent what lengths and sizes are used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:28:56 -04:00
Andrzej Kurek	140b589ec6	Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell When executing eval in the background, the next "$!" gives the eval PID, not the ssl-client2 pid. This causes problems when a client times out and the script tries to kill it. Instead, it kills the parent eval call. This caused problems with subsequent proxy tests receiving old packets from a client from a previous test. Moving the "&" to inside the eval call fixes the problem. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:02:36 -04:00
Gilles Peskine	364fd8bb71	More SSL debug messages for ClientHello parsing In particular, be verbose when checking the ClientHello cookie in a possible DTLS reconnection. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-06 14:25:41 -04:00
Thomas Daubney	5c9c2ce86d	Add correct test dependencies Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C is a test dependency and so is declared in this commit. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-06 16:36:43 +01:00
Thomas Daubney	a5f39e0ec2	Move accessor definition Move the definition of the accessor so that it is not defined within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the dependency from the test and test cases. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-06 15:42:32 +01:00
Dave Rodgman	5e03d9e601	Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support Allow building as a subdir	2022-06-06 14:11:06 +01:00
Jerry Yu	6994e3e0c2	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-06 11:50:49 +08:00
Werner Lewis	acd01e58a3	Use ASN1 UTC tags for dates before 2000 Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-01 16:24:28 +01:00
Jerry Yu	f2d32e6c3d	fix tls13_only test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-01 18:05:18 +08:00
Gilles Peskine	8399cccd2e	Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access Fix uninitialised memory access in constant time functions	2022-06-01 11:42:51 +02:00
Thomas Daubney	3d3cfc5553	Add Changelog entry Add Changelog entry for changes made in this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-01 10:23:50 +01:00
Thomas Daubney	3ff4fc6997	Add test data Add two test cases for accessor test. One test where desired ext type is presentent and the other of when the ext type is not present. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-01 10:23:50 +01:00
Thomas Daubney	bd5466ab7e	Add test for accessor Add test logic for accessor. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-01 10:23:50 +01:00
Thomas Daubney	979aa49d1c	Add accessor for x509 certificate extension types Add accessor for x509 certificate extension types Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-01 10:22:14 +01:00
Jerry Yu	7bf3358a2d	Remove duplicated tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-01 16:55:17 +08:00
Jerry Yu	1443537da3	fix test fail when WANT_READ/WRITE returned Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-01 15:53:31 +08:00
Jerry Yu	66537f40b6	fix certificate request fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 19:53:05 +08:00
Jerry Yu	1e7c438b67	remove tls1.3 dependancy Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 19:51:38 +08:00
Gilles Peskine	f940693960	Merge pull request #5725 from tom-daubney-arm/x25519_program Rewrite x25519 example program	2022-05-31 11:27:22 +02:00
Gilles Peskine	09858ae664	Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa Deprecate mbedtls_cipher_setup_psa()	2022-05-31 10:56:52 +02:00

1 2 3 4 5 ...

20147 commits