94e3a873ce
mbedtls_pk_get_psa_attributes: test bad usage value
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-23 20:09:38 +01:00
ace7c7721e
mbedtls_pk_get_psa_attributes: ECC support
...
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().
This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-23 20:09:38 +01:00
6ea18361df
mbedtls_pk_get_psa_attributes: RSA support
...
Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-23 20:09:38 +01:00
1f97e73114
mbedtls_pk_get_psa_attributes: force enrollment algorithm off
...
This avoids a possible gotcha when if the application code reuses an
existing attribute structure.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-23 20:09:38 +01:00
0b17255da1
Introduce mbedtls_pk_get_psa_attributes
...
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)Gilles.Peskine@arm.com >
2024-01-23 20:09:38 +01:00
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
f0ccf46713
Add minor cosmetic changes to record size limit changelog and comments
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-12 10:52:45 +00:00
4b09dcd19c
Change renegotiation test to use G_NEXT_SRV
...
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-12 10:50:25 +00:00
3519cfb3d8
Merge pull request #8639 from bensze01/release_components
...
Set OpenSSL/GnuTLS variables when running release components
2024-01-11 15:38:35 +00:00
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
...
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
85ddd43656
Improve record size limit changelog wording
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-11 11:07:57 +00:00
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api
...
Add deprecated flag in document for sig_hashes
2024-01-11 09:33:10 +00:00
e83be5f639
Change renegotiation tests to work with TLS 1.2 only
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 23:39:54 +00:00
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
...
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
3ff472441a
Fix warning in ssl_tls13_generic.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
1487760b55
Change order of checking of record size limit client tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
09561a7575
Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
a3bfdea82b
Revert "Make sure record size limit is not configured without TLS 1.3"
...
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
7ae74b74cc
Make sure record size limit is not configured without TLS 1.3
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
f37c70746b
Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to full config
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
e840263f76
Move record size limit testing to tls13 component
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
2fa99b2ddd
Add tests for client complying with record size limit
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
9457e67afd
update record size limit tests to be more consistent
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
2a2462e8f9
Add Changlog entry for record size extension
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
3a37756496
Improve record size limit tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
fbe42743eb
Fix issue in checking in writing extensions
...
Fix issue in checking if server received
record size limit extension.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
e1ac98d888
remove mbedtls_ssl_is_record_size_limit_valid function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
d2fc90e024
Stop sending record size limit extension if it's not sent from client
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
598ea09dd5
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
47d2946943
tls13: server: write Record Size Limit ext in EncryptedExtensions
...
- add the support in library
- update corresponding test cases.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
42017cd4c9
tls13: cli: write Record Size Limit ext in ClientHello
...
- add the support in library
- update corresponding test case
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
faf70bdf9d
ssl_tls13_generic: check value of RecordSizeLimit in helper function
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
a8b4291836
tls13: add generic function to write Record Size Limit ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
3eb9025275
Merge pull request #8680 from mpg/ciphers-wrapup
...
Driver-only ciphers wrapup
2024-01-10 12:04:50 +00:00
e334486753
Add new lines before lists
...
This is more portable markdown, and also for people who read the text,
it make the new lines after the list (but inside the same sentence) less
surprising I hope.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-01-10 10:24:31 +01:00
0f45a1aec5
Fix typos / improve syntax
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-01-10 09:43:30 +01:00
315c3ca9e5
Add required dependency to the testcase
...
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com >
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 18:31:11 +01:00
6c9779fabb
Remove unneeded testcase
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 17:47:10 +01:00
a72454bc16
Update test-data to use SIZE_MAX
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 17:39:42 +01:00
c5e77bf4e4
Add missing newline at the end of test_suite_x509write.data
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 16:47:12 +01:00
5caf20ea80
Update fix to be more platform-independent
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 16:41:10 +01:00
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
05c722bfd0
Fix Issue #8687
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 15:20:03 +01:00
2bd2b788cf
Add tests for Issue #8687
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com >
2024-01-09 15:19:42 +01:00
454ab28be5
Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1
...
Fix incorrect test data for SECP_R1 in automatically generated tests
2024-01-09 09:21:14 +00:00
60c9eee267
Improve wording & fix typos
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-01-09 10:09:17 +01:00
