- avoid grouping checks, for a better debugging experience (breakpoints)
- use a more logical order, checking the key type first
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
See the comment that was there. I chose not to split the test function
in two, but just have two arguments for each expected status.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Failing right now, will fix the library in the next commit.
For 8192-bit, we don't have any positive test, because we have a stupid
line length limitation [1] and we can't fit both our key, the peer's
key, and the output. But for negative tests we don't need the output and
the rest fits, so let's have those.
[1] https://github.com/Mbed-TLS/mbedtls/issues/1866
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Aligning on the name in development, which is also acceptable for 3.6,
and should reduce conflicts when backporting.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Also, while at it, add a test for input buffer too small. This had been
added previously in development but not backported.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is not only convenient, but now necessary, because if the content of
the generated files changes due to changes in Python files in the framework,
`all.sh check_generated_files` will fail in the framework CI.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.
Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.
Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Fix the location of the ending braket of "extern C" block in order to
have it balanced between C guards.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not
correct. The correct version is already available in "check_config.h".
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In the default build, it was 2363 bytes which is a lot to put on the
stack for constrained devices. Fortunately we already have a large
enough buffer at hand: the user-provided output buffer. Use it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
