mbedtls

Author	SHA1	Message	Date
Waleed Elmelegy	1487760b55	Change order of checking of record size limit client tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	09561a7575	Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	a3bfdea82b	Revert "Make sure record size limit is not configured without TLS 1.3" This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	7ae74b74cc	Make sure record size limit is not configured without TLS 1.3 Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	f37c70746b	Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to full config Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	e840263f76	Move record size limit testing to tls13 component Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	2fa99b2ddd	Add tests for client complying with record size limit Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	f501790ff2	Improve comments across record size limit changes Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	9457e67afd	update record size limit tests to be more consistent Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	2a2462e8f9	Add Changlog entry for record size extension Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	3a37756496	Improve record size limit tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	fbe42743eb	Fix issue in checking in writing extensions Fix issue in checking if server received record size limit extension. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	e1ac98d888	remove mbedtls_ssl_is_record_size_limit_valid function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	d2fc90e024	Stop sending record size limit extension if it's not sent from client Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	148dfb6457	Change record size limit writing function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	598ea09dd5	TLS1.3: SRV/CLI: add support for sending Record Size Limit extension Signed-off-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	47d2946943	tls13: server: write Record Size Limit ext in EncryptedExtensions - add the support in library - update corresponding test cases. Signed-off-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	42017cd4c9	tls13: cli: write Record Size Limit ext in ClientHello - add the support in library - update corresponding test case Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	faf70bdf9d	ssl_tls13_generic: check value of RecordSizeLimit in helper function Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	a8b4291836	tls13: add generic function to write Record Size Limit ext Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Manuel Pégourié-Gonnard	3eb9025275	Merge pull request #8680 from mpg/ciphers-wrapup Driver-only ciphers wrapup	2024-01-10 12:04:50 +00:00
Manuel Pégourié-Gonnard	e334486753	Add new lines before lists This is more portable markdown, and also for people who read the text, it make the new lines after the list (but inside the same sentence) less surprising I hope. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-10 10:24:31 +01:00
Manuel Pégourié-Gonnard	0f45a1aec5	Fix typos / improve syntax Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-10 09:43:30 +01:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Manuel Pégourié-Gonnard	454ab28be5	Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1 Fix incorrect test data for SECP_R1 in automatically generated tests	2024-01-09 09:21:14 +00:00
Manuel Pégourié-Gonnard	60c9eee267	Improve wording & fix typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-09 10:09:17 +01:00
Manuel Pégourié-Gonnard	481dd0b3e6	Merge pull request #8649 from valeriosetti/issue8646 check_config.h not complete about builds without CIPHER_C	2024-01-09 08:45:30 +00:00
Valerio Setti	d5cab81405	mbedtls_config: update documentation for CIPHER_C and CRYPTO_C Adding auto-enablement sections. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 07:23:33 +01:00
Valerio Setti	9772642b8c	adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 07:23:33 +01:00
Valerio Setti	1aaffec7cf	Revert "check_config: add check for PSA builtin unauthenticated ciphers" This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Valerio Setti	c95ab2a1a0	mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Valerio Setti	95c32973f9	check_config: add check for PSA builtin unauthenticated ciphers Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Manuel Pégourié-Gonnard	d0c6f70e58	Update architecture doc for cipher dual dispatch Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	c1cea63478	Quickly mention the status of RSA accel Not related to other commits in this PR, should have been done in #8616 really, but since I'm updating the document, might as well do it here. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	88bae8bc52	Rename tests components for clarity All no_cipher components have crypto (as in libmbedcrypto.a), but the difference is one doesn't have PSA crypto while the other two do. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	7f48d5e203	Rename test components to better reflect content Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	dc4103e9aa	Clarify CCM/CM with partial accel Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	a57278151b	Update ChangeLog for CCM/GCM improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	729cf89704	Consolidate ChangeLog entries about CIPHER_C Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard	4aad0ff510	Merge pull request #8632 from valeriosetti/issue8598 [G5] Make block_cipher work with PSA	2024-01-08 08:07:53 +00:00
Waleed-Ziad Maamoun-Elmelegy	e2d3db5cfc	Update mbedtls_ssl_get_output_record_size_limit signature Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>	2024-01-05 14:19:16 +00:00
Waleed Elmelegy	60f0f727c3	Add config dependencies to record size tests Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-04 14:57:31 +00:00
Dave Rodgman	a021d63bf7	Merge pull request #8642 from daverodgman/default-compiler-all CI perf: Use clang by default in all.sh	2024-01-04 12:58:54 +00:00
Manuel Pégourié-Gonnard	5bad043c06	Merge pull request #8641 from valeriosetti/issue8358 G3-G4 wrap-up	2024-01-04 10:48:00 +00:00
Manuel Pégourié-Gonnard	66b1ded73a	Merge pull request #8623 from daverodgman/verbatim-tfm Use TF-M config verbatim	2024-01-04 08:08:06 +00:00
Gilles Peskine	44d557c52d	Indicate which curves Mbed TLS supports Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:59:38 +01:00
Gilles Peskine	6e2069661e	Note unusual curve size Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:59:03 +01:00
Gilles Peskine	2a22dac694	Fix typo in curve name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:58:55 +01:00
Gilles Peskine	68b5182dad	Add test data for secp192r1 Same generation methodology as `0cbaf056fa`: ``` openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-192 -text \|perl -0777 -pe 's/.\npriv:([\n 0-9a-f:])pub:([\n 0-9a-f:])./"$1","$2"/s or die; y/\n ://d; s/,/,\n /;' ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:57:52 +01:00
Gilles Peskine	478dd84b63	Fix mixup between secp224r1 and secp224k1 in test scripts secp224k1 is the one with 225-bit private keys. The consequences of this mistake were: * We emitted positive test cases for hypothetical SECP_R1_225 and SECP_K1_224 curves, which were never executed. * We emitted useless not-supported test cases for SECP_R1_225 and SECP_K1_224. * We were missing positive test cases for SECP_R1_224 in automatically generated tests. * We were missing not-supported test cases for SECP_R1_224 and SECP_K1_225. Thus this didn't cause test failures, but it caused missing test coverage and some never-executed test cases. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:50:56 +01:00

1 2 3 4 5 ...

28932 commits