mbedtls

Author	SHA1	Message	Date
Andrzej Kurek	57f58b0e65	Prefer TEST_EQUAL over TEST_ASSERT in test suites Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 16:51:03 -04:00
Gilles Peskine	b4f874d1da	raw_key_agreement_fail: Add a nominal run Ensure that the nominal run works properly, so that it's apparent that the injected failure is responsible for the failure of the handshake. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-08 16:50:38 -04:00
Gilles Peskine	6cbc9986fb	Remove redundant empty slot count check USE_PSA_DONE() already checks that there are no used key slots. The call to TEST_ASSERT() wouldn't have worked properly on failure anyway, since it would jump back to the exit label. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 16:47:19 -04:00
Andrzej Kurek	28f883eba5	Remove RSA & DTLS dependency in raw key agreement test Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 16:46:57 -04:00
Gilles Peskine	e1730e492d	Merge pull request #5708 from AndrzejKurek/timeless-struggles Remove the dependency on MBEDTLS_TIME_H from the timing module	2022-04-08 18:43:16 +02:00
Adam Wolf	039080fba7	Fix spelling of 'reasonable' in comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-08 16:49:04 +01:00
Paul Elliott	ed334d2e2f	Merge pull request #5623 from gstrauss/inline-cert_cb Introduce mbedtls_ssl_hs_cb_t typedef	2022-04-08 16:04:31 +01:00
Neil Armstrong	cb87403560	Use 1024 bits RSA key size for RSA PK Opaque tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:14:40 +02:00
Neil Armstrong	95a892311d	Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:51 +02:00
Neil Armstrong	7df6677c34	Remove now invalid comment in pk_opaque_ecdsa_can_do() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:06 +02:00
Neil Armstrong	56e71d4d1a	Update documentation of mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:12:42 +02:00
Neil Armstrong	eccf88fa48	Only accept RSA key pair in mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:11:50 +02:00
Dave Rodgman	f945e0a475	Update ChangeLog.d/alert_reentrant.txt Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:59:30 +01:00
Dave Rodgman	e2e7e9400b	Fail for types not of size 2, 4 or 8 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:46:30 +01:00
Hanno Becker	baae59cd49	Improve documentation of absence-of-padding check Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:46:29 +01:00
Hanno Becker	0d7dd3cd43	Check that size_t and ptrdiff_t don't have padding Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:46:26 +01:00
Hanno Becker	4ab3850605	Check that integer types don't use padding bits in selftest This commit modifies programs/test/selftest to include a check that none of the standard integer types (unsigned) [short, int, long, long] uses padding bits, which we currently don't support. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:45:05 +01:00
Hanno Becker	8813c03cb0	Add ChangeLog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:55 +01:00
Hanno Becker	5e18f74abb	Make alert sending function re-entrant Fixes #1916 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:43 +01:00
Jacob Schloss	d8a573b9d9	Fix spelling of 'features' in comment Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-08 10:23:14 +01:00
Gilles Peskine	e756f642cd	Seed the PRNG even if time() isn't available time() is only needed to seed the PRNG non-deterministically. If it isn't available, do seed it, but pick a static seed. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:46:41 -04:00
Andrzej Kurek	5735369f4a	Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C The timing module might include time.h on its own when on a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:41:42 -04:00
Glenn Strauss	236e17ec26	Introduce mbedtls_ssl_hs_cb_t typedef Inline func for mbedtls_ssl_conf_cert_cb() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-07 14:18:30 -04:00
Gilles Peskine	a91b68564c	Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source fix parallel build fail of cmake out source	2022-04-07 16:21:43 +02:00
Gilles Peskine	8e5e8d73db	Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt Fix an off-by-one error in ssl-opt.sh	2022-04-07 16:20:55 +02:00
Przemek Stekiel	e3ee221893	Free other secret in tls12_prf context Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:56 +02:00
Przemek Stekiel	23650286ac	Add psa_tls12_prf_set_other_key() function to store other secret input Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:46 +02:00
Przemek Stekiel	c4b814a9c2	psa_tls12_prf_key_derivation_state_t: add optional step to set other key Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:01:50 +02:00
Przemek Stekiel	f4e8f01964	psa_tls12_prf_key_derivation_t: add other_secret and other_secret_length fields to handle mixed PSK Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:01:50 +02:00
Przemek Stekiel	37c81c4f05	Extend PSA_ALG_TLS12_PSK_TO_MS alg (add #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET input) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:01:50 +02:00
Neil Armstrong	c1152e4a0f	Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	7e1b4a45fa	Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b354742371	Update documentation of mbedtls_pk_setup_opaque() The function now accepts a RSA key pair in addition to an ECC key pair. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	295aeb17e6	Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b980c9b48c	Add support for RSA in pk_opaque_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	ca5b55f0d1	Add support for RSA in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	67fc036976	Add support for RSA wrap in pk_psa_sign() test Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Neil Armstrong	5b87ebb601	Prepare pk_psa_sign() test to accept RSA parameters Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Neil Armstrong	0cd78ddd71	Update test for Opaque PK key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Neil Armstrong	eabbf9d907	Add support for RSA PK Opaque key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Andrzej Kurek	714b6603e4	Remove dummy timing implementation Having such implementation might cause issues for those that expect to have a working implementation. Having a compile-time error is better in such case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Gilles Peskine	d2d90af7d9	Make mbedtls_ssl_get_bytes_avail tests more independent Don't depend on the default sizes in the test programs: pass explicit request and buffer sizes. Don't depend on MAX_CONTENT_LEN (other than it not being extremely small: this commit assumes that it will never be less than 101). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:39:06 +02:00
Gilles Peskine	99a732bf0c	Fix off-by-one in buffer_size usage The added null byte was accounted for twice, once by taking opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1 when filling the buffer. Make opt.buffer_size the size that is actually read, it's less confusing that way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:34:36 +02:00
Gilles Peskine	8bb96d96cd	Fix buffer size calculation Make sure that buf always has enough room for what it will contain. Before, this was not the case if the buffer was smaller than the default response, leading to memory corruption in ssl_server2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:31:05 +02:00
Gilles Peskine	c8d242f625	set_maybe_calc_verify: $1 is intended to be auth_mode Document that this is what it is. Don't allow made-up numerical values. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 22:23:45 +02:00
Andrzej Kurek	cb33bc5d0b	Change the bit to flip to guarantee failure For weistrass curves the pair is encoded as 0x04 \|\| x \|\| y. Flipping one of the bits in the first byte should be a sure failure. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-06 11:26:39 -04:00
Andrzej Kurek	39d88d4918	Change the number of expected free key slots TLS code now uses PSA to generate an ECDH private key. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-06 11:26:39 -04:00
Andrzej Kurek	41b7e66e61	Tests: add missing requirements for the raw key agreement test SECP384R1 is needed for the default loaded certificate. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-06 11:26:39 -04:00
Andrzej Kurek	cc28e9a252	Tests: add missing group termination Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-06 11:26:39 -04:00

... 2 3 4 5 6 ...

19629 commits