mbedtls

Author	SHA1	Message	Date
Valerio Setti	5d1f29e700	ssl_tls: fix guards for accelerated ECDH Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard	4ebe2a7372	Merge pull request #7300 from valeriosetti/issue7281 Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity	2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard	14c194aae9	Merge pull request #7271 from mpg/use-md-light Use md light	2023-03-20 09:01:16 +01:00
Dave Rodgman	f918d42332	Tidy up ARMCE terminology Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-17 17:52:23 +00:00
Dave Rodgman	0e2b06a1ce	Merge pull request #7083 from KloolK/record-size-limit/parsing Add parsing for Record Size Limit extension in TLS 1.3	2023-03-17 10:18:34 +00:00
Paul Elliott	9f02a4177b	Merge pull request #7009 from mprse/csr_write_san Added ability to include the SubjectAltName extension to a CSR - v.2	2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard	b33ef74d44	Use MD_LIGHT, not sha1.h, in RSA selftest Same note as previous commit regarding guards. Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined, and even only when SHA1_C is defined too, but somewhere down the line we'll want to auto-enable it for the sake of other RSA function (not in selftest and could use any hash), so there's little point in optimizing the temporary condition, let's use the simple one upfront. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard	8316209c02	Use MD_LIGHT rather than md5.h in pem.c But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the guards once that has changed. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard	9d698df4f4	Further clarify a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard	a9ab4a2d60	Clarify a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard	39a376a417	Finish removing HMAC from MD-light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	9b14639342	Dispatch according to init status. We shouldn't dispatch to PSA when drivers have not been initialized yet. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	d8ea37f1a3	Add engine field to context structure For multi-part operations, we want to make the decision to use PSA or not only once, during setup(), and remember it afterwards. This supports the introduction, in the next few commits, of a dynamic component to that decision: has the PSA driver sub-system been initialized yet? Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:50 +01:00
Gilles Peskine	83d9e09b15	Switch metadata functions to the PSA-aware availability symbols Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:50 +01:00
Gilles Peskine	416d0e2b01	Introduce preprocessor symbols for MD algorithm support via PSA These new symbols will allow code to call the md module and benefit from PSA accelerator drivers. Code must use MBEDTLS_MD_CAN_xxx instead of MBEDTLS_xxx_C to check for support for a particular algorithm. This commit only defines the symbols. Subsequent commits will implement those symbols in the md module, and in users of the md module. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:50 +01:00
Valerio Setti	82b484ecbc	ecjpake: fix guards for driver only builds Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-16 08:21:44 +01:00
Gilles Peskine	2a44ac245f	Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api ssl_cache: Add cache entry removal api	2023-03-15 15:38:06 +01:00
Jan Bruckner	a0589e75a0	Changes from review Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-15 11:04:45 +01:00
Dave Rodgman	b599562033	Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234 Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems	2023-03-15 09:04:44 +00:00
Manuel Pégourié-Gonnard	18336dace2	Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user EC J-PAKE: partial fix for role vs user+peer	2023-03-15 09:37:30 +01:00
Pengyu Lv	0b9c012f21	ssl_cache: return the error code for mutex failure Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-15 14:37:32 +08:00
Dave Rodgman	023c8853ac	Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce Add CPU modifier for AESCE	2023-03-14 15:58:57 +00:00
Przemek Stekiel	c0e6250ff9	Fix documentation and tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-14 11:49:36 +01:00
Jan Bruckner	151f64283f	Add parsing for Record Size Limit extension in TLS 1.3 Fixes #7007 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-14 08:41:25 +01:00
Dave Rodgman	cdaaef52f4	Update include/mbedtls/pkcs7.h Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-14 07:13:50 +00:00
Dave Rodgman	bcc92d4f03	Update include/mbedtls/pkcs7.h Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-14 07:13:44 +00:00
Jerry Yu	fbf9523449	Revert "Add experimental warning" This reverts commit `be510fe470`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-14 10:33:32 +08:00
Przemek Stekiel	fde112830f	Code optimizations and documentation fixes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-13 16:28:27 +01:00
Dave Rodgman	efbc5f7322	Update wording in comments Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-13 12:15:49 +00:00
Jerry Yu	be510fe470	Add experimental warning Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-13 11:26:35 +08:00
Jerry Yu	be78386681	Remove documents about command line options. After this PR, the issue has been fixed. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-13 10:58:41 +08:00
Przemek Stekiel	18cd6c908c	Use local macros for j-pake slient/server strings Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Przemek Stekiel	d7f6ad7bc8	Minor fixes (comments, cleanup) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Dave Rodgman	25b2dfa6da	Fix comment typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	957cc36be9	Improve wording; use PKCS #7 not PKCS7 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	3fe2abf306	Apply suggestions from code review Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	7c33b0cac6	Remove pre-production warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard	439dbc5c60	Fix dependency for TLS 1.3 as well Turns out TLS 1.3 is using the PK layer for signature generation & verification, and the PK layer is influenced by USE_PSA_CRYPTO. Also update docs/use-psa-crypto.md accordingly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard	45bcb6aac8	Fix dependencies of 1.2 ECDSA key exchanges Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2... Also, move the definition of PSA_HAVE_FULL_ECDSA outside the MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:15 +01:00
Przemek Stekiel	e9254a0e55	Adapt driver dispatch documentation for user/peer getters Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	1e7a927118	Add input getters for jpake user and peer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	26c909d587	Enable support for user/peer for JPAKE This is only partial support. Only 'client' and 'server' values are accepted for peer and user. Remove support for role. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:02 +01:00
Gilles Peskine	4da92832b0	Merge pull request #7117 from valeriosetti/issue6862 driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges	2023-03-09 20:49:44 +01:00
Dave Rodgman	bf4016e5d5	Merge pull request #6567 from mprse/ecjpake-driver-dispatch	2023-03-09 19:23:05 +00:00
Tom Cosgrove	94e841290d	Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it Fixes #7234 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-03-09 17:17:42 +00:00
Przemek Stekiel	b8eaf635ba	Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 12:14:26 +01:00
Dave Rodgman	5e5aa4a4e6	Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 Fix typos in development prior to release	2023-03-08 17:19:59 +00:00
Valerio Setti	1470ce3eba	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:50:12 +01:00
Valerio Setti	30c4618970	Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:47:28 +01:00
Gilles Peskine	ed7b5978cd	Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init Document the need to call psa_crypto_init for TLS 1.3	2023-03-07 20:13:53 +01:00

1 2 3 4 5 ...

5782 commits