Dave Rodgman
c4f984f2a5
Iterate in 16-byte chunks
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713
Add minor cosmetic changes to record size limit changelog and comments
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
...
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
...
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a
Fix warning in ssl_tls13_generic.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb
Fix issue in checking in writing extensions
...
Fix issue in checking if server received
record size limit extension.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888
remove mbedtls_ssl_is_record_size_limit_valid function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024
Stop sending record size limit extension if it's not sent from client
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943
tls13: server: write Record Size Limit ext in EncryptedExtensions
...
- add the support in library
- update corresponding test cases.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9
tls13: cli: write Record Size Limit ext in ClientHello
...
- add the support in library
- update corresponding test case
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d
ssl_tls13_generic: check value of RecordSizeLimit in helper function
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
a8b4291836
tls13: add generic function to write Record Size Limit ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Jonathan Winzig
5caf20ea80
Update fix to be more platform-independent
...
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 16:41:10 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Jonathan Winzig
05c722bfd0
Fix Issue #8687
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 15:20:03 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
...
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Waleed-Ziad Maamoun-Elmelegy
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>
2024-01-05 14:19:16 +00:00
Dave Rodgman
a021d63bf7
Merge pull request #8642 from daverodgman/default-compiler-all
...
CI perf: Use clang by default in all.sh
2024-01-04 12:58:54 +00:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
...
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Valerio Setti
c1c6858bfc
cipher_wrap: fix guards for some CCM/GCM functions
...
Legacy CCM and GCM can work even when AES_C is not defined thanks
to the block_cipher module, so we can relax guards in
cipher_wrap.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 17:20:58 +01:00
Dave Rodgman
84125a167e
Merge remote-tracking branch 'origin/development' into default-compiler-all
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-02 11:42:38 +00:00
Valerio Setti
e581e140cc
oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
...
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Waleed Elmelegy
6a971fd61a
Refactor and improve Record size limit handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:48:16 +00:00
Valerio Setti
1fff4f2012
psa: add key_type as input parameter of psa_can_do_cipher()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Valerio Setti
1994e72e18
check_config/block_cipher: minor improvements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:04 +01:00
Valerio Setti
a69e872001
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
...
This commit also updates corresponding test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-21 16:39:04 +01:00
Dave Rodgman
3bc249959c
Merge branch 'development' into default-compiler-all
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-21 14:35:14 +00:00
Tom Cosgrove
c6088eceb4
Merge pull request #8384 from paul-elliott-arm/remove_ssl_null_tls12
...
Remove NULLing of ssl context in TLS1.2 transform population
2023-12-21 13:28:09 +00:00
Gilles Peskine
4bf4473ef0
Merge pull request #8633 from Wenxing-hou/clear_clienthello_comment
...
Make clienthello comment clear
2023-12-21 12:09:23 +00:00
Gilles Peskine
0e6fdc4f1d
Merge pull request #8342 from yanesca/threading_test_pc
...
Threading test proof of concept and plan
2023-12-21 12:08:41 +00:00
Waleed Elmelegy
65e3046e18
Fix code style in ssl_tls.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:55:10 +00:00
Waleed Elmelegy
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Tomi Fontanilles
851d8df58d
fix/work around dependency issues when !MBEDTLS_ECP_C
...
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:09:27 +02:00
Tomi Fontanilles
9f41770313
pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C
...
For real this time.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 13:05:55 +02:00
Tomi Fontanilles
bad170e159
pk: remove last references to MBEDTLS_PSA_CRYPTO_C
...
They are replaced by MBEDTLS_USE_PSA_CRYPTO.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
1941af087c
pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C
...
Deprecated functions are removed and #ifdefs are updated accordingly.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
573dc23141
rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()
...
And use it in the non-PSA version of mbedtls_pk_sign_ext()
to bypass checks that didn't succeed when used by TLS 1.3.
That is because in the failing scenarios the padding of
the RSA context is not set to PKCS_V21.
See the discussion on PR #7930 for more details.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64
pk: implement non-PSA mbedtls_pk_sign_ext()
...
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583 .
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Valerio Setti
689c0f71cb
tests: use new CCM/GCM capability macros in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:18 +01:00
Manuel Pégourié-Gonnard
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
...
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
Valerio Setti
50333977c6
cipher_wrap: fix guards for alloc/free functions of CCM/GCM
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 07:36:05 +01:00
Dave Rodgman
a69c782351
Merge pull request #8634 from daverodgman/iar-fixes
...
IAR warning fix & some improvements
2023-12-19 16:26:23 +00:00
Dave Rodgman
d47186d6e3
Disable automatic setting of clang target flags on old clang
...
Old versions of clang don't support this pragma, so we have to assume
that the user will have set the flags.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 13:11:47 +00:00
Valerio Setti
7f062a58fb
pkwrite: add newlines when calling mbedtls_pem_write_buffer()
...
New defines, which are shared with the pkparse module, lack the
new line so we manually add it when invoking
mbedtls_pem_write_buffer().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 07:48:42 +01:00
Valerio Setti
4bb5740a7d
Revert "pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()"
...
This reverts commit 180915018d
.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 07:48:38 +01:00