mbedtls

Author	SHA1	Message	Date
Dave Rodgman	d12b592bc1	Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	7c33b0cac6	Remove pre-production warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	3ef7a6af12	Merge pull request #7269 from daverodgman/pkcs7-no-datetime	2023-03-11 12:57:54 +00:00
Dave Rodgman	f8565b3c2b	Add more PKCS #7 tests with expired cert Add test which uses an expired cert but is otherwise OK, which passes if and only if MBEDTLS_HAVE_TIME_DATE is not set. Add similar test which verifies against a different data file, which must fail regardless of MBEDTLS_HAVE_TIME_DATE. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 10:26:39 +00:00
Dave Rodgman	2e8442565a	Add PKCS #7 test files using expired cert Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 10:24:30 +00:00
Dave Rodgman	cc77fe8e52	Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset Ensure that verification of an expired cert still fails, but update the test to handle the different error code. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 09:46:13 +00:00
Gilles Peskine	d0f9b0bacc	Don't warn about Msan/Valgrind if AESNI isn't actually built The warning is only correct if the assembly code for AESNI is built, not if MBEDTLS_AESNI_C is activated but MBEDTLS_HAVE_ASM is disabled or the target architecture isn't x86_64. This is a partial fix for #7236. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-10 22:28:25 +01:00
Gilles Peskine	d4f31c87d1	Update bibliographic references There are new versions of the Intel whitepapers and they've moved. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-10 22:21:47 +01:00
Dave Rodgman	9c9601bac5	Merge pull request #7247 from daverodgman/zero-signers	2023-03-10 18:44:11 +00:00
Dave Rodgman	d51b1c5666	Remove duplicate test macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard	2301a80a73	Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup Driver-only ecdsa wrapup	2023-03-10 17:23:29 +01:00
Przemek Stekiel	55ceff6d2f	Code optimization and style fixes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 14:36:16 +01:00
Dave Rodgman	ca43e0d0ac	Fix test file extension Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 13:06:01 +00:00
Dave Rodgman	f2f2dbcfd7	Add test case for PKCS7 file with zero signers The test file was created by manually modifying tests/data_files/pkcs7_data_without_cert_signed.der, using ASN.1 JavaScript decoder https://lapo.it/asn1js/ Changes made: The SignerInfos set was truncated to zero length. All the parent sequences, sets, etc were then adjusted for their new reduced length. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard	c2495f78e6	Add a ChangeLog entry for driver-only ECDSA Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard	439dbc5c60	Fix dependency for TLS 1.3 as well Turns out TLS 1.3 is using the PK layer for signature generation & verification, and the PK layer is influenced by USE_PSA_CRYPTO. Also update docs/use-psa-crypto.md accordingly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard	45bcb6aac8	Fix dependencies of 1.2 ECDSA key exchanges Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2... Also, move the definition of PSA_HAVE_FULL_ECDSA outside the MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:15 +01:00
Dave Rodgman	ac447837d3	Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7 Test memory management in pkcs7	2023-03-10 11:29:50 +00:00
Przemek Stekiel	e9254a0e55	Adapt driver dispatch documentation for user/peer getters Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	4cd20313fe	Use user/peer instead role in jpake TLS code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	f3ae020c37	Use user/peer instead role in jpake driver-wrapper tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	af94c13b2c	Add tests for user/peer input getters Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	1e7a927118	Add input getters for jpake user and peer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	0c946e9aa9	Addapt jpake tests and add cases for set_user, set_peer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	26c909d587	Enable support for user/peer for JPAKE This is only partial support. Only 'client' and 'server' values are accepted for peer and user. Remove support for role. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:02 +01:00
Gilles Peskine	a4c6a3c355	Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide Move docs/getting_started.md to docs repo	2023-03-09 23:31:25 +01:00
Gilles Peskine	4da92832b0	Merge pull request #7117 from valeriosetti/issue6862 driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges	2023-03-09 20:49:44 +01:00
Gilles Peskine	a25203c5f9	Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests Interruptible_{sign\|verify}_hash: Add public key verification tests	2023-03-09 20:48:13 +01:00
Dave Rodgman	bf4016e5d5	Merge pull request #6567 from mprse/ecjpake-driver-dispatch	2023-03-09 19:23:05 +00:00
Tom Cosgrove	94e841290d	Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it Fixes #7234 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-03-09 17:17:42 +00:00
Dave Rodgman	8657e3280a	Add corrupt PKCS #7 test files Generated by running "make <filename>" and commiting the result. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-09 15:59:15 +00:00
valerio	2bf85e349d	ssl-opt: enable test for accelerated ECDH + USE_PSA Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-03-09 16:39:07 +01:00
valerio	f27472b128	ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-03-09 16:20:38 +01:00
Przemek Stekiel	89e268dfb9	Add change log entry (SubjectAltName extension in CSR) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 14:04:17 +01:00
Przemek Stekiel	42510a91c4	Use for loop instead while loop Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 14:04:17 +01:00
Przemek Stekiel	68ca81c8fe	Change separator for SAN names to ';' When ';' is used as a separator san names must be provided in quotation marks: ./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com" Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 14:04:11 +01:00
Gabor Mezei	fffd6d9ded	Fix maximum cannonical value Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-03-09 13:43:15 +01:00
Gabor Mezei	e4710ae9ed	Add and fix comments Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-03-09 13:43:02 +01:00
Przemek Stekiel	b8eaf635ba	Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 12:14:26 +01:00
David Horstmann	369930dec2	Move docs/getting_started.md to docs repo Delete docs/getting_started.md as it has been moved to the dedicated documentation repo. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-03-09 09:52:13 +00:00
Janos Follath	9e1d889766	Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308 Update ChangeLog to make "fix" explicit	2023-03-09 08:47:49 +00:00
Janos Follath	042e433eda	Threat Model: clarify attack vectors Timing attacks can be launched by any of the main 3 attackers. Clarify exactly how these are covered. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-03-08 20:07:59 +00:00
Janos Follath	d5a09400ae	Threat Model: improve wording Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-03-08 19:58:29 +00:00
Dave Rodgman	5e5aa4a4e6	Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 Fix typos in development prior to release	2023-03-08 17:19:59 +00:00
Dave Rodgman	51b62ef23d	Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems Fix mbedtls_bswap64() on 32-bit systems	2023-03-08 17:19:29 +00:00
Janos Follath	3d377605f3	Threat Model: move the block cipher section The block cipher exception affects both remote and local timing attacks. Move them to the Caveats section and reference it from both the local and the remote attack section. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-03-08 16:58:01 +00:00
Janos Follath	ecaa293d32	Threat model: explain dangling countermeasures Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-03-08 16:38:07 +00:00
Janos Follath	fef82fd39b	Threat Model: increase classification detail Originally for the sake of simplicity there was a single category for software based attacks, namely timing side channel attacks. Be more precise and categorise attacks as software based whether or not they rely on physical information. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-03-08 16:10:39 +00:00
Manuel Pégourié-Gonnard	913d9bb921	Merge pull request #7162 from valeriosetti/issue7055 Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto	2023-03-08 17:07:19 +01:00
Valerio Setti	1470ce3eba	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:50:12 +01:00

... 3 4 5 6 7 ...

24163 commits