mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 09:02:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
23,791 Commits 172 Branches 267 Tags
Commit Graph

23791 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hanno Becker
db305ff42e X.509: Improve negative testing for SubjectAltName parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Hanno Becker
ae8f8c435c Fix X.509 SAN parsing 
Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:27 -05:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64 
all.sh: test_m32_xx is not supported on arm64 host
 2023-02-07 10:26:10 +01:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements 
Minor improvements to `c_build_helper.py`
 2023-02-07 10:25:59 +01:00
Jerry Yu
b3b85ddf4a Disable macro conflict check 
It cause full configuration test fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:54 +08:00
Jerry Yu
e908c57f95 Disable clang tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:53 +08:00
Jerry Yu
32f977e820 Add arm64 tests on travis ci 
Due to time limitation of travis, the job is spited into
two job

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:53 +08:00
Jerry Yu
e51eddce38 disable aesce when ASM not available 
Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:53 +08:00
Jerry Yu
2bb3d8101f Add en(de)crypt routine 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:53 +08:00
Jerry Yu
e096da1af6 Add inverse key function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:52 +08:00
Jerry Yu
3f2fb71072 Add key expansion for encrypt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:52 +08:00
Jerry Yu
b95c776c43 Add linux runtime detection 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:52 +08:00
Jerry Yu
49231319fd Add empty aesce files 
For time being, we only support gcc and clang

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:52 +08:00
Jerry Yu
2fddfd7f8f Add AESCE confige options 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:51 +08:00
Yanray Wang
3f9961bfca compat.sh: remove G_CLIENT_PRIO as it's not used 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
a89c4d51f7 compat.sh: display "no" even if $VERIFY=YES for PSK test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
5d646e705d compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734 compat.sh: remove check_openssl_server_bug 
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f compat.sh: avoid running duplicate test cases for PSK 
With the introduction of PSK_TESTS,
 - Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
 - `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f compat.sh: ignore $VERIFY in PSK TYPE 
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:20 +08:00
Valerio Setti
1cdddacc62 pk_wrap: use proper macros for sign and verify 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
5c593af271 pk_wrap: fix comment on closing #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
0568decc0c ecdsa: add comment for ecdsa_context 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
24138d9f83 pk_wrap: re-use identical functions for eckey and ecdsa when possible 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
7ca1318256 pk: add new symbol for generic ECDSA capability 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
9e30dd882d removing a leftover printf from debug 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4836374088 test: ECDSA driver only: fixing disparities in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
ab363d9fe1 pk/pk_wrap: replace ECDSA_C with generic ECDSA capabilities' defines 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
cf084ae256 pk: add generic defines for ECDSA capabilities 
The idea is to state what are ECDSA capabilities independently from how
this is achieved

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE 
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa test: ECDSA driver_only: verify disparities in PK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Gabor Mezei
63aae68b8f
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-06 16:24:08 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c 
Don't use cast-assignment in ssl_server.c
 2023-02-06 12:13:08 +00:00
Jan Bruckner
1aabe5c4d7 Fix typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:53 +01:00
Jan Bruckner
aa31b19395 Extend test framework for Record Size Limit Extension 
Fixes #7006

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:29 +01:00
Manuel Pégourié-Gonnard
cced3521cb Fix style in test_suite_md.function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-06 12:37:02 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Andrzej Kurek
81cf5ad347
Improve tests/scripts/depends.py code 
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-06 10:48:43 +01:00
Nick Child
50886c25f3 pkcs7/test: Add test for parsing a disabled algorithm 
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-03 20:33:12 +00:00
Nick Child
6291cc2444 pkcs7/test: Remove f strings in generator script 
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-03 20:33:12 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c 
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68 Fix more argc checks 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-03 16:15:30 +00:00
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning 
Improve warnings for DES/3DES
 2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md 
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md 
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data 
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:13:10 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static 
TLS 1.3: Key Generation: change some key generation functions to static
 2023-02-03 11:56:35 +01:00