Commit graph

29115 commits

Author SHA1 Message Date
Dave Rodgman
b7778b2388 Fix ASAN error in test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 16:27:34 +00:00
Bence Szépkúti
333ca8fdfc Migrate to new RTD redirect format
Migrate to the new redirect format introduced by ReadTheDocs in
readthedocs/readthedocs.org#10881

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-01-16 17:06:06 +01:00
Dave Rodgman
9f97566c04 Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5 Iterate in 16-byte chunks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Dave Rodgman
67223bb501 add support for AES-CTR to benchmark
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-12 18:33:57 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:50:25 +00:00
Paul Elliott
3519cfb3d8
Merge pull request #8639 from bensze01/release_components
Set OpenSSL/GnuTLS variables when running release components
2024-01-11 15:38:35 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Waleed Elmelegy
85ddd43656 Improve record size limit changelog wording
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-11 11:07:57 +00:00
Manuel Pégourié-Gonnard
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api
Add deprecated flag in document for sig_hashes
2024-01-11 09:33:10 +00:00
Valerio Setti
19ec9e4f66 psa_crypto_ecp: remove support for secp224k1
Since this curve is not supported in PSA (and it will not ever be
in the future), we save a few bytes.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-11 07:07:14 +01:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 23:39:54 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
1487760b55 Change order of checking of record size limit client tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
09561a7575 Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
a3bfdea82b Revert "Make sure record size limit is not configured without TLS 1.3"
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
7ae74b74cc Make sure record size limit is not configured without TLS 1.3
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f37c70746b Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to full config
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e840263f76 Move record size limit testing to tls13 component
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2fa99b2ddd Add tests for client complying with record size limit
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
9457e67afd update record size limit tests to be more consistent
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2a2462e8f9 Add Changlog entry for record size extension
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
3a37756496 Improve record size limit tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb Fix issue in checking in writing extensions
Fix issue in checking if server received
record size limit extension.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024 Stop sending record size limit extension if it's not sent from client
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
598ea09dd5 TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943 tls13: server: write Record Size Limit ext in EncryptedExtensions
- add the support in library
- update corresponding test cases.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9 tls13: cli: write Record Size Limit ext in ClientHello
- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d ssl_tls13_generic: check value of RecordSizeLimit in helper function
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
a8b4291836 tls13: add generic function to write Record Size Limit ext
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Manuel Pégourié-Gonnard
3eb9025275
Merge pull request #8680 from mpg/ciphers-wrapup
Driver-only ciphers wrapup
2024-01-10 12:04:50 +00:00