mbedtls

Author	SHA1	Message	Date
Gilles Peskine	7d3186d18a	Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:47:23 +01:00
Dave Rodgman	f4385faa6f	Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail Interruptible {sign\|verify} hash - Call complete() after start() failure.	2023-03-01 17:18:08 +00:00
Paul Elliott	42585f678b	Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements Interruptible {sign\|verify} hash verification test improvements	2023-03-01 15:00:45 +00:00
Paul Elliott	ebf2e38662	Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing Interruptible sign hash improve num ops testing	2023-03-01 14:59:44 +00:00
Paul Elliott	de7c31e082	Improve comment wording Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-01 14:43:52 +00:00
Gilles Peskine	1eae11565d	Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests Replace fuzzer-generated PKCS #7 memory management tests	2023-03-01 10:46:22 +01:00
Paul Elliott	7c17308253	Add num_ops tests to sign and verify interruptible hash This is the only test usable for non-deterministic ECDSA, thus needs this code path testing as well. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	8359c14c14	Add hash corruption test to interruptible verify test Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	c1e0400bac	Add test to check not calling get_num_ops() Make sure that not calling get_num_ops() inbetweeen calls to complete() does not mean that ops get lost (Regression test for previous fix). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	9e8819f356	Move 'change max_ops' test into ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	5770224ef3	Rename max ops tests to ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Gilles Peskine	7e677fa2c5	Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite Remove pkwrite dependency in pk using PSA for ECDSA	2023-02-28 18:17:16 +01:00
Gilles Peskine	b52b788e55	Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension Add AES with armv8 crypto extension	2023-02-28 18:16:37 +01:00
Paul Elliott	587e780812	Test calling complete() after {sign\|verify}_hash_start fails Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:13:39 +00:00
Gilles Peskine	e4616830b3	Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail compat.sh: Skip static ECDH cases if unsupported in openssl	2023-02-28 18:11:39 +01:00
Dave Rodgman	17152df58d	Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments Interruptible sign hash test comments	2023-02-28 17:09:43 +00:00
Gilles Peskine	ebb63420cc	Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only Fix test to check output length on PSA_SUCCESS only	2023-02-28 18:09:33 +01:00
Bence Szépkúti	35d674a6ee	Replace usage of echo -e in pkcs7 data Makefile This use of the shell builtin is not portable. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 17:01:21 +01:00
Dave Rodgman	ffb4dc38c8	Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 Interruptible {sign\|verify} hash : Change max_ops=min tests to use a value of zero.	2023-02-28 15:56:01 +00:00
Bence Szépkúti	4a2fff6369	Fix expected error code This was overlooked during the rebase. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 16:40:27 +01:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Paul Elliott	cd7e8bce03	Change max_ops=min tests to use zero Zero is the minimum value defined by the spec, just because the internal implementation treats zero and one as the same thing does not mean that other implementations will also do so. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 12:21:36 +00:00
Stephan Koch	5819d2c141	Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check escalates into a buffer overflow in the application code Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:49:13 +01:00
oberon-sk	10c0f770ce	asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:48:51 +01:00
Paul Elliott	c2033502f5	Give edge case tests a better name Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Paul Elliott	c7f6882995	Add comments to each test case to show intent Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Bence Szépkúti	248971348b	Replace fuzzer-generated PKCS7 regression tests This commit adds well-formed reproducers for the memory management issues fixed in the following commits: `290f01b3f5` `e7f8c616d0` `f7641544ea` Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-24 15:31:03 +01:00
Pengyu Lv	9e7bb2a92c	Update some comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-23 16:03:56 +08:00
Janos Follath	406b9172ad	Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup Bignum: Add named moduli setup	2023-02-22 12:14:33 +00:00
Pengyu Lv	07d5085fcf	Skip ECDH ciphersuites for O->m pair The mechanism of detecting unsupported ciphersuites for OpenSSL client doesn't work on a modern OpenSSL. At least, it fails on Travis CI which is installed with OpenSSL 1.1.1f. So we need to skip ECDH cipher- suites for O->m. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-22 12:18:48 +08:00
Pengyu Lv	a64c277588	compat.sh: Skip all ECDH_ ciphersuites Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-22 10:19:40 +08:00
Gilles Peskine	ffb92b0789	Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug Fix bugs in OID to string conversion	2023-02-21 23:16:44 +01:00
Paul Elliott	48c591cb56	Fix warning with GCC 12 Fix warning about variable being used uninitialised. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-21 16:31:56 +00:00
Gilles Peskine	250a5ac4cb	Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle Implement PSA interruptible sign/verify hash	2023-02-21 15:13:34 +01:00
Przemek Stekiel	a006f8c17b	Adapt dependencies for parsing rfc822Name test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-21 13:36:56 +01:00
Dave Rodgman	e42cedf256	Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased Pkcs7 fixes	2023-02-21 11:53:30 +00:00
Pengyu Lv	5e780df3e3	Only use standard cipher name Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-21 14:19:27 +08:00
David Horstmann	a4fad2ba67	Correct error code in test_suite_x509parse.data Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-20 14:57:47 +00:00
Dave Rodgman	716163e824	Improve allocation bounds in testing Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-20 14:46:51 +00:00
David Horstmann	5b5a0b618c	Change error codes to more appropriate codes The more precise error codes are borrowed from the ASN1 module. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-20 14:24:12 +00:00
Przemek Stekiel	5b9e4168cf	Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Przemek Stekiel	608e3efc47	Add test for parsing SAN: rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Minos Galanakis	a30afe2216	ecp_curves: Minor refactoring. This patch introduces the following changes: * Documentation for `mbedtls_ecp_modulus_setup()` moved to `ecp_invasive.h`. * Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`. * Adjusted negative tests to use invalid selectors. * Reworded documentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:53:06 +00:00
Minos Galanakis	36f7c0e69b	test_suite_ecp: Added .data for `ecp_setup_test()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:51:49 +00:00
Minos Galanakis	9a1d02d738	test_suite_ecp: Added test for `mbedtls_ecp_modulus_setup()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:51:48 +00:00
Janos Follath	ec718afb41	Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction Add a raw entry point to Secp521r1 fast reduction	2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard	718eb4f190	Merge pull request #7025 from AndrzejKurek/uri_san Add the uniformResourceIdentifier subtype for the subjectAltName	2023-02-20 11:29:59 +01:00
Pengyu Lv	1c0e4c013a	compat.sh: skip static ECDH cases if unsupported in openssl This commit add support to detect if openssl used for testing supports static ECDH key exchange. Skip the ciphersutes if openssl doesn't support them. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-20 18:05:21 +08:00
Paul Elliott	f8e5b56ad8	Fix get_num_ops internal code. Previously calling get_num_ops more than once would have ended up with ops getting double counted, and not calling inbetween completes would have ended up with ops getting missed. Fix this by moving this to where the work is actually done, and add tests for double calls to get_num_ops(). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-19 18:55:10 +00:00
Dave Rodgman	d652dce9ea	Add failing test case (invalid signature) for zero-length data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-16 16:39:34 +00:00

1 2 3 4 5 ...

8250 commits