mbedtls

Author	SHA1	Message	Date
Hanno Becker	6454993e2e	Safeguard against calling p255 reduction with single-width MPI (In this case, there's nothing to do anyway since we only do a quasi-reduction to N+1 limbs) Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:35:58 +01:00
Hanno Becker	25bb732ea7	Simplify x25519 reduction using internal bignum MLA helper Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:48 +01:00
Hanno Becker	aef9cc4f96	Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally This paves the way for the helper to be used from the ECP module Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:43 +01:00
Andrzej Kurek	57f58b0e65	Prefer TEST_EQUAL over TEST_ASSERT in test suites Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 16:51:03 -04:00
Gilles Peskine	b4f874d1da	raw_key_agreement_fail: Add a nominal run Ensure that the nominal run works properly, so that it's apparent that the injected failure is responsible for the failure of the handshake. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-08 16:50:38 -04:00
Gilles Peskine	6cbc9986fb	Remove redundant empty slot count check USE_PSA_DONE() already checks that there are no used key slots. The call to TEST_ASSERT() wouldn't have worked properly on failure anyway, since it would jump back to the exit label. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 16:47:19 -04:00
Andrzej Kurek	28f883eba5	Remove RSA & DTLS dependency in raw key agreement test Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 16:46:57 -04:00
Gilles Peskine	e1730e492d	Merge pull request #5708 from AndrzejKurek/timeless-struggles Remove the dependency on MBEDTLS_TIME_H from the timing module	2022-04-08 18:43:16 +02:00
Adam Wolf	039080fba7	Fix spelling of 'reasonable' in comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-08 16:49:04 +01:00
Paul Elliott	ed334d2e2f	Merge pull request #5623 from gstrauss/inline-cert_cb Introduce mbedtls_ssl_hs_cb_t typedef	2022-04-08 16:04:31 +01:00
Neil Armstrong	cb87403560	Use 1024 bits RSA key size for RSA PK Opaque tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:14:40 +02:00
Neil Armstrong	95a892311d	Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:51 +02:00
Neil Armstrong	7df6677c34	Remove now invalid comment in pk_opaque_ecdsa_can_do() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:06 +02:00
Neil Armstrong	56e71d4d1a	Update documentation of mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:12:42 +02:00
Neil Armstrong	eccf88fa48	Only accept RSA key pair in mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:11:50 +02:00
Dave Rodgman	f945e0a475	Update ChangeLog.d/alert_reentrant.txt Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:59:30 +01:00
Dave Rodgman	e2e7e9400b	Fail for types not of size 2, 4 or 8 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:46:30 +01:00
Hanno Becker	baae59cd49	Improve documentation of absence-of-padding check Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:46:29 +01:00
Hanno Becker	0d7dd3cd43	Check that size_t and ptrdiff_t don't have padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:46:26 +01:00
Hanno Becker	4ab3850605	Check that integer types don't use padding bits in selftest This commit modifies programs/test/selftest to include a check that none of the standard integer types (unsigned) [short, int, long, long] uses padding bits, which we currently don't support. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:45:05 +01:00
Hanno Becker	8813c03cb0	Add ChangeLog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:55 +01:00
Hanno Becker	5e18f74abb	Make alert sending function re-entrant Fixes #1916 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:43 +01:00
Jacob Schloss	d8a573b9d9	Fix spelling of 'features' in comment Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-08 10:23:14 +01:00
Gilles Peskine	e756f642cd	Seed the PRNG even if time() isn't available time() is only needed to seed the PRNG non-deterministically. If it isn't available, do seed it, but pick a static seed. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:46:41 -04:00
Andrzej Kurek	5735369f4a	Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C The timing module might include time.h on its own when on a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:41:42 -04:00
Gilles Peskine	7d904e7127	Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-07 21:59:53 +02:00
Gilles Peskine	e10df779b7	Test MBEDTLS_USER_CONFIG_FILE as such Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-07 21:59:53 +02:00
Gilles Peskine	f4798279c0	Remove obsolete comment mbedtls/mbedtls_config.h (formerly mbedtls/config.h) used to be included directly in many places, so we wanted to test that all of these places allowed the MBEDTLS_CONFIG_FILE override. Now mbedtls/mbedtls_config.h is only included via build_info.h, so this is not relevant anymore. It is no longer particularly useful to test MBEDTLS_CONFIG_FILE with the full config, but it isn't harmful either, so keep it that way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-07 21:59:53 +02:00
Gilles Peskine	2003c2f455	Simplify build_mbedtls_config_file $CONFIG_H no longer includes check_config.h since Mbed TLS 3.0. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-07 21:40:25 +02:00
Gilles Peskine	f4c6eb0a49	Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to include instead of "psa/crypto_config.h", and an additional file to include after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-07 21:40:22 +02:00
Glenn Strauss	236e17ec26	Introduce mbedtls_ssl_hs_cb_t typedef Inline func for mbedtls_ssl_conf_cert_cb() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-07 14:18:30 -04:00
Thomas Daubney	7435d2d08e	Renames encrypt setup tests Similar to the previous commit, this commit removes the word 'multi-part' from the encrypt setup tests. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-04-07 15:21:47 +01:00
Gilles Peskine	a91b68564c	Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source fix parallel build fail of cmake out source	2022-04-07 16:21:43 +02:00
Gilles Peskine	8e5e8d73db	Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt Fix an off-by-one error in ssl-opt.sh	2022-04-07 16:20:55 +02:00
Thomas Daubney	5defdfcc8a	Renames decrypt setup tests The word multi-part is implied and has hence been removed. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-04-07 15:17:32 +01:00
Thomas Daubney	6f57be93ec	Removes unecessary statement After other changes had taken place the call to PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ) was no longer needed. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-04-07 15:10:34 +01:00
Thomas Daubney	d9c69b7655	Changes PSA initialisation Commit adds in call to PSA_INIT() Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-04-07 14:57:10 +01:00
Przemek Stekiel	e3ee221893	Free other secret in tls12_prf context Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:56 +02:00
Przemek Stekiel	23650286ac	Add psa_tls12_prf_set_other_key() function to store other secret input Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:46 +02:00
Przemek Stekiel	c4b814a9c2	psa_tls12_prf_key_derivation_state_t: add optional step to set other key Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:01:50 +02:00
Przemek Stekiel	f4e8f01964	psa_tls12_prf_key_derivation_t: add other_secret and other_secret_length fields to handle mixed PSK Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:01:50 +02:00
Przemek Stekiel	37c81c4f05	Extend PSA_ALG_TLS12_PSK_TO_MS alg (add #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET input) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:01:50 +02:00
Neil Armstrong	c1152e4a0f	Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	7e1b4a45fa	Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b354742371	Update documentation of mbedtls_pk_setup_opaque() The function now accepts a RSA key pair in addition to an ECC key pair. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	295aeb17e6	Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b980c9b48c	Add support for RSA in pk_opaque_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	ca5b55f0d1	Add support for RSA in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	67fc036976	Add support for RSA wrap in pk_psa_sign() test Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Neil Armstrong	5b87ebb601	Prepare pk_psa_sign() test to accept RSA parameters Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00

... 6 7 8 9 10 ...

19860 commits