mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 11:54:02 +00:00

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	8d4bc5eeb9	Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC	2022-03-17 11:55:48 +01:00
Gabor Mezei	88f3b2e502	Update old style test function parameter handling Use data_t type for hex string parameters. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 16:53:23 +01:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data server certificate selection callback	2022-03-10 11:51:42 +01:00
Gilles Peskine	9c656ec718	Fix unused function warning Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-26 19:56:12 +01:00
Glenn Strauss	36872dbd0b	Provide means to reset handshake cert list Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert() only provided a way to append to the handshake certificate list, without providing a way to replace the handshake certificate list. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:48 -05:00
Gabor Mezei	4fded1359a	Use PSA_INIT() Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:47:24 +01:00
Gabor Mezei	5d7d201b87	Update test Testing the hash length in this context is not applicable because there is no way to specify it when calling mbedtls_psa_hkdf_extract. Change to test invalid `alg` parameter. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:33 +01:00
Gabor Mezei	ebc9368173	typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:44:51 +01:00
Gabor Mezei	298a2d6109	Use ASSERT_ALLOC Change the calloc functions to ASSERT_ALLOC to check the return value of calloc as well. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:43:52 +01:00
Gabor Mezei	62bf024025	Make the mbedtls_psa_hkdf_extract function more PSA compatible Change the return value to `psa_status_t`. Add `prk_size` and `prk_len` parameters. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:57 +01:00
Gabor Mezei	73cb6f54de	Add tests for mbedtls_psa_hkdf_extrct The tests are based on the the test of mbedtls_hkdf_extract. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:41:42 +01:00
Gilles Peskine	49d7ddf7f3	Serializing a context does not save the user data The user data is typically a pointer to a data structure or a handle which may no longer be valid after the session is restored. If the user data needs to be preserved, let the application do it. This way, it is a conscious decision for the application to save/restore either the pointer/handle itself or the object it refers to. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	80dae04f24	Make user_data fields private Add accessor functions. Add unit tests for the accessor functions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	1255b0de98	Positive unit testing for SSL context version functions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Paul Elliott	436b72690d	Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build TLS1.3:Enable tls13 only build	2022-02-21 11:22:37 +00:00
Jerry Yu	baa4934e7b	Add check tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	53d23e2c95	Guards tls_prf functions with TLS1_2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Gabor Mezei	cbe5ba500a	Add tests for mbedtls_psa_hkdf_expand Add test cases which test psa_import_key and psa_mac_sign_setup function call if they return error. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-17 17:01:49 +01:00
Gabor Mezei	8e3602569b	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-17 11:50:02 +01:00
Gabor Mezei	d917081b8b	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-15 16:25:27 +01:00
Gabor Mezei	7381242748	Use PSA_INIT() Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-15 16:24:58 +01:00
Gabor Mezei	b35759ded8	Add tests for mbedtls_psa_hkdf_expand The tests are based on the test of mbedtls_hkdf_expand. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-10 10:57:24 +01:00
Przemyslaw Stekiel	5648d577a4	Optimize psa_cipher_encrypt_helper() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	8c010eb467	Fix comments, code style, remove debug code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	d66387f8fa	Init psa status to PSA_ERROR_CORRUPTION_DETECTED Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel	f4facef9ba	Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel	77aec8d181	Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel	89dad93a78	Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	4a36dd3da6	ssl test ssl_decrypt_non_etm_cbc(): add missing ret check Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	f4ca3f0e52	ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	f57b45660d	Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. New function name: mbedtls_ssl_cipher_to_psa(). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	93cf4eea67	Adapt test_suite_ssl for psa crypto Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Andrzej Kurek	03e01461ad	Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-03 12:53:24 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Paul Elliott	46a6c20d0c	Add checked returns to tests without them. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-09 18:16:13 +00:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Gilles Peskine	161d661d90	Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl Fix test_suite_ssl compilation errors with GCC11	2021-11-25 22:02:43 +01:00
Paul Elliott	21c8fe5c6e	Fix compilation errors. Under gcc11(+) both message and received would cause errors for potentially being used uninitialised. We fixed many of these issues in another PR, but this one is only seen under certain configs. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-24 17:19:51 +00:00
Gabor Mezei	be7b21da22	Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module	2021-11-24 10:44:13 +01:00
Brett Warren	7f813d5d88	add group api tests Signed-off-by: Brett Warren <brett.warren@arm.com>	2021-10-29 14:07:46 +01:00
Gabor Mezei	22c9a6fccc	Rename internal header constant_time.h to constant_time_internal.h Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 12:15:20 +02:00
Gabor Mezei	90437e3762	Rename constant-time functions to have mbedtls_ct prefix Rename functions to better suite with the module name. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 11:59:27 +02:00
gabor-mezei-arm	9c1203fd67	Delete ssl_invasive.h due to duplicated function declarations All function declaration provided by ssl_invasive.h is needed only for testing purposes and all of them are provided by constant_time.h as well. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	9fa43ce238	Rename function to have suitable name Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:14:47 +02:00
Dave Rodgman	2aec149e13	Merge pull request #4248 from hanno-arm/tls13_populate_transform Fix and test compliance of TLS 1.3 record protection	2021-08-11 16:41:51 +01:00
Gilles Peskine	8bb9b80d18	Merge pull request #4806 from hanno-arm/ssl_session_serialization_version Store TLS version in SSL session structure	2021-08-02 12:45:55 +02:00
Hanno Becker	1f91878281	Specify padding granularity in TLS 1.3 record protection KATs Still check that encryption and decryption are inverse to each other if the granularity does not match the one used in the KAT. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-02 04:54:03 +01:00
Hanno Becker	41537452f4	Add comment regarding the wire-version used in TLS 1.3 records Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-02 04:54:03 +01:00
Hanno Becker	80e760e006	Fix memory leak in TLS 1.3 record protection unit test Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-02 04:54:02 +01:00

1 2 3 4

197 Commits