Matthias Schulz
782667883a
Fix:
- Remove unnecessary tests.
- Update description of MBEDTLS_GCM_LARGETABLE parameter.
- Move acceleration defines from gcm.h to gcm.c.
- Remove unnecessary zero setting after shift.
- Fix implementation for big-endian architectures.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 13:59:15 +01:00
Matthias Schulz
0767fdadbf
Enhance GCM throughput using larger precalculated tables. Also refactored the code for shorter tables and moved the check for available accelerators to the context initialization code.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-07 13:17:50 +01:00
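The commit above speeds up GHASH by precomputing more multiples of the hash key H. The block below is an added illustration of that trade-off and is not Mbed TLS code: it implements the GF(2^128) multiplication of SP 800-38D bit by bit as a reference, then with a 4-bit-window table (16 entries) and an 8-bit-window table (256 entries), and checks that all three agree. The element encoding, the reduction constant and the length limits are taken from SP 800-38D; the class and function names, the seeded random inputs and the sample messages are constructed for this example.

```python
"""GHASH (the GCM universal hash) computed three ways: a bit-by-bit reference
(SP 800-38D Algorithm 1), a 4-bit-window table (16 precomputed multiples of H)
and an 8-bit-window table (256 multiples). The table variants trade memory
for fewer shift/reduce steps per block: 32 or 16 instead of 128.

Element representation follows SP 800-38D: a 128-bit int whose most significant
bit is the coefficient of x^0, so "multiply by x" is a right shift.
"""
import random
from typing import List

R = 0xE1 << 120    # x^128 reduced to 1 + x + x^2 + x^7, in GCM bit order
ONE = 1 << 127     # the multiplicative identity


def mul_x(v: int) -> int:
    """Multiply a field element by x: shift right, fold the bit that falls off."""
    return (v >> 1) ^ (R if v & 1 else 0)


def gf128_mul_bitwise(x: int, y: int) -> int:
    """Reference product x*y: 128 conditional adds of successive y*x^i."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = mul_x(v)
    return z


class GhashTable:
    """Precomputed multiples of H for a w-bit window (w=4: 16 entries, w=8: 256)."""

    def __init__(self, h: int, window: int = 4):
        if window < 1 or 128 % window:
            raise ValueError("window must divide 128")
        self.w, self.mask = window, (1 << window) - 1
        size = 1 << window
        # mult[n] == (n placed in the top w bits of an element) * H
        self.mult: List[int] = [0] * size
        self.mult[1 << (window - 1)] = h               # window MSB is x^0 == 1
        for k in range(window - 2, -1, -1):
            self.mult[1 << k] = mul_x(self.mult[1 << (k + 1)])
        for n in range(1, size):
            if n & (n - 1):                             # not a power of two
                self.mult[n] = self.mult[n & -n] ^ self.mult[n & (n - 1)]
        # red[t] == what the low w bits t of z contribute when z is multiplied by x^w
        self.red: List[int] = [0] * size
        for t in range(size):
            for b in range(window):
                if (t >> b) & 1:
                    self.red[t] ^= R >> (window - 1 - b)

    def mul(self, x: int) -> int:
        """x * H by Horner's rule over the windows of x, highest-degree window first."""
        w, z = self.w, 0
        for j in range(128 // w - 1, -1, -1):
            bits = (x >> (128 - w * (j + 1))) & self.mask
            z = (z >> w) ^ self.red[z & self.mask]     # z *= x^w, reduced
            z ^= self.mult[bits]
        return z


def ghash(h: int, aad: bytes, ciphertext: bytes, window: int = 4) -> bytes:
    """GHASH_H(A, C) over zero-padded blocks followed by the 64-bit length fields."""
    # Length limits from SP 800-38D section 5.2.1.1: A < 2^64 bits, C <= 2^39 - 256 bits.
    if len(aad) * 8 >= 1 << 64:
        raise ValueError("additional data too long for GCM")
    if len(ciphertext) * 8 > (1 << 39) - 256:
        raise ValueError("ciphertext too long for GCM")
    table = GhashTable(h, window)
    y = 0
    for data in (aad, ciphertext):
        for i in range(0, len(data), 16):
            block = int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")
            y = table.mul(y ^ block)
    y = table.mul(y ^ ((len(aad) * 8) << 64 | (len(ciphertext) * 8)))
    return y.to_bytes(16, "big")


def cross_check(trials: int = 64, seed: int = 1) -> bool:
    """Both table widths must agree with the bitwise reference on seeded random inputs."""
    rng = random.Random(seed)
    h = rng.getrandbits(128)
    t4, t8 = GhashTable(h, 4), GhashTable(h, 8)
    for _ in range(trials):
        x = rng.getrandbits(128)
        ref = gf128_mul_bitwise(x, h)
        if t4.mul(x) != ref or t8.mul(x) != ref:
            return False
    return True


if __name__ == "__main__":
    print("tables agree with reference:", cross_check())
    print(ghash(ONE, b"", b"\x01" * 16).hex())
```

The 8-bit table costs 16 times the memory of the 4-bit one (plus a reduction table of the same size) and halves the per-block shift/reduce count, which is the kind of size-versus-throughput choice a build option such as MBEDTLS_GCM_LARGETABLE exposes. In a real implementation the table must be rebuilt whenever H changes, and the entries derived from H are key-dependent secrets, so table lookups indexed by plaintext-dependent values deserve the same cache-timing scrutiny as AES S-box lookups.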
Dave Rodgman
57a0957938
Merge pull request #8788 from daverodgman/old-gcc-alignment-bug
Change unaligned access method for old gcc
2024-02-07 09:31:45 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Dave Rodgman
e093281a8b
Pacify check-names
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
Dave Rodgman
d09f96b829
Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:51:58 +00:00
Dave Rodgman
22b934e6d2
Use struct not union
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Dave Rodgman
f4e8234f93
Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Dave Rodgman
ec9936d122
Improve gcc guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:04:09 +00:00
Dave Rodgman
b327a1e706
Change unaligned access method for old gcc
gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows
that __attribute__ aligned may be ignored.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 11:32:01 +00:00
Gilles Peskine
8a85673a39
Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage
2024-02-06 10:14:17 +01:00
Ronald Cron
71c6e65d83
tls13: ssl_msg.c: Improve/add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:54:37 +01:00
Ronald Cron
31e2d83eee
tls13: srv: Improve coding
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:45:57 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
Janos Follath
747bedb0b0
Merge pull request #8733 from ivq/gcm_ad_len_check
Add back restriction on AD length of GCM
2024-02-05 13:33:58 +00:00
Jerry Yu
f57d14bed4
Ignore early data app msg before 2nd client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
263dbf7167
tls13: srv: Do not allow early data indication in 2nd ClientHello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
1483dc3bde
tls13: cli: Indicate early data only in first ClientHello
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3
tls13: srv: Deprotect and discard early data records
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
4caf3ca08c
tls13: srv: Add discard_early_data_record SSL field
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Gilles Peskine
cb3b4cae0a
Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Gilles Peskine
793920c1ff
mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.
Adjust the existing test cases accordingly and add a few negative test
cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e820975244
Fix comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:00:33 +01:00
Gilles Peskine
0aad5f8f34
Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97
Don't use mbedtls_pk_ec in our own code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Ronald Cron
78a38f607c
tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6
tls13: early data: Improve, add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Ronald Cron
ed7d4bfda5
tls13: srv: Simplify mbedtls_ssl_read_early_data() API
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625
tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client states
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7b6ee9482e
tls13: srv: Reject early data in case of HRR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd
tls13: srv: Add mbedtls_ssl_read_early_data() API
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45
tls13: srv: Move early data size check placeholder
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
739a1d4246
tls: Add internal function ssl_read_application_data()
The function will be used by
mbedtls_ssl_read_early_data() as well.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f
tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received or not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
cb88c4945a
Merge pull request #8754 from Redfoxymoon/development
fix build for midipix
2024-02-01 10:01:49 +00:00
Dave Rodgman
dae21d3808
Support SHA-512 hwcap detection on old libc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:31:42 +00:00
Valerio Setti
779a1a5b20
aria: remove leftover in comments
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:09 +01:00
Ørjan Malde
2a6cb5c881
fix build for midipix
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-30 14:50:23 +01:00
Valerio Setti
4e048f1749
bignum: removing usage of MPI_VALIDATE_RET()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:21 +01:00
Valerio Setti
ea3a6114e6
aria: replace ARIA_VALIDATE_RET() with a simple "if" block
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:21 +01:00
Valerio Setti
a45a399a6b
lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
Symbols defined starting from MBEDTLS_INTERNAL_VALIDATE[_RET]
are removed as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:15 +01:00
Paul Elliott
47c74a4773
Merge pull request #8741 from Ryan-Everett-arm/add-locking-macros
Add macros for locking/unlocking the key slot mutex
2024-01-26 13:53:38 +00:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Gilles Peskine
43643c4714
Remove now-redundant guard
fixup "mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-25 13:21:59 +01:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00