Shuffle things around a bit inside mbedtls_mpi_random() in preparation for
breaking out mbedtls_mpi_core_random().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rewrite the minimum bound comparison to avoid a local allocation. This costs
a bit of code size, but saves RAM. This is in preparation for moving the
bulk of the function to the bignum_core module where allocation is not
permitted.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
"version 1.1 of #5137" is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.
Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not
Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The code in CMakeLists.txt was an old copy of the code in Makefile. This
brings in branch coverage, which had only been added to Makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The commit "Preserve line breaks in comments before test functions"
only handled block comments. This commit handles line comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
