Yanray Wang
1a369d68aa
ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:17:33 +08:00
Manuel Pégourié-Gonnard
dc848955d6
Merge pull request #8519 from mpg/block-cipher
...
[G2] Add internal module block_cipher
2023-11-15 11:53:22 +00:00
Dave Rodgman
cba4091581
Merge pull request #8516 from mschulz-at-hilscher/fixes/divided-assembler-syntax-error-gcc493
...
Fixes invalid default choice of thumb assembler syntax.
2023-11-14 17:57:37 +00:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
...
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Matthias Schulz
e94525bd17
Updated comments.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 14:01:02 +01:00
Matthias Schulz
35842f52f2
Simplified check.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 13:57:05 +01:00
Matthias Schulz
ca8981c1ee
Added proposed fixes
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-13 10:04:19 +01:00
Tom Cosgrove
08ea9bfa1f
Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data
...
TLS 1.3: Rename early_data and max_early_data_size configuration function
2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard
76fa16cab3
block_cipher: add encrypt()
...
Test data copied from existing test suites.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 12:14:53 +01:00
Manuel Pégourié-Gonnard
3e0884fc53
block_cipher: add setkey()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 11:52:10 +01:00
Manuel Pégourié-Gonnard
21718769d1
Start adding internal module block_cipher.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 11:21:17 +01:00
Valerio Setti
01c4fa3e88
ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
...
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Matthias Schulz
2e068cef09
fixes invalid default choice of thumb assembler syntax.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:25:52 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls
...
[G3] Driver-only cipher+aead: TLS: main test suite
2023-11-09 11:10:34 +00:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
...
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr
...
Mbed TLS 3.5.1
2023-11-08 18:01:32 +00:00
Dave Rodgman
28d40930ae
Restore bump version
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Pengyu Lv
2bd56de3f4
ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros
...
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 14:21:19 +08:00
Pengyu Lv
65458fa969
ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h
...
Done by commands:
```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:16:29 +08:00
Pengyu Lv
829dd2048a
ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c
...
Mainly done by the commands, with some manual adjust.
```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 12:01:26 +08:00
Pengyu Lv
f1b86b088f
ssl: add macro to indicate CBC mode is available
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:42 +08:00
Pengyu Lv
e870cc8c86
ssl: add macro for available key types
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-08 11:28:36 +08:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
Tom Cosgrove
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
...
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
Jerry Yu
7ef9fd8989
fix various issues
...
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e
check the ticket version unconditional
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
Yanray Wang
0751761b49
max_early_data_size: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Pengyu Lv
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
...
This reverts commit dadeb20383
.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00
Dave Rodgman
4b67ac8adf
Merge pull request #8444 from Mbed-TLS/cvv-code-size
...
code size for mbedtls_cipher_validate_values
2023-11-06 12:50:37 +00:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
...
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
4eb44e4780
Standardise some more headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 12:15:12 +00:00
Dave Rodgman
ce38adb731
Fix header in ssl_tls13_keys.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 10:29:25 +00:00
Dave Rodgman
f8be5f6ade
Fix overlooked files
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Dave Rodgman
e91d7c5d68
Update comment to mention IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 10:36:38 +00:00
Jerry Yu
960b7ebbcf
move psk check to EE message on client side
...
early_data extension is sent in EE. So it should
not be checked in SH message.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:18 +08:00
Jerry Yu
82fd6c11bd
Add selected key and ciphersuite check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9
move ticket version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25
fix various issues
...
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:28:43 +08:00
Dave Rodgman
9ba640d318
Simplify use of __has_builtin
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:34:02 +00:00
Dave Rodgman
90c8ac2205
Add case for MSVC
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:24 +00:00
Dave Rodgman
64bdeb89b9
Use non-empty definition for fallback
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:04 +00:00
Dave Rodgman
52e7052b6c
tidy up comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:26:44 +00:00
Dave Rodgman
3e5cc175e0
Reduce code size in mbedtls_cipher_validate_values
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
Dave Rodgman
6d2c1b3748
Restructure mbedtls_cipher_validate_values
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
Dave Rodgman
fb24a8425a
Introduce MBEDTLS_ASSUME
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 17:59:56 +00:00
Pengyu Lv
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b
tls13: server: fully check ticket_flags with available kex mode.
...
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9
back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 09:34:14 +08:00
Dave Rodgman
b06d701f56
Merge pull request #8406 from beni-sandu/aesni
...
AES-NI: use target attributes for x86 32-bit intrinsics
2023-10-30 17:01:06 +00:00