0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr
Mbed TLS 3.5.1
2023-11-08 18:01:32 +00:00
28d40930ae
Restore bump version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
7ef9fd8989
fix various issues
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
2bea94ce2e
check the ticket version unconditionally
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
This reverts commit dadeb20383.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00
4b67ac8adf
Merge pull request #8444 from Mbed-TLS/cvv-code-size
code size for mbedtls_cipher_validate_values
2023-11-06 12:50:37 +00:00
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
4eb44e4780
Standardise some more headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 12:15:12 +00:00
ce38adb731
Fix header in ssl_tls13_keys.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 10:29:25 +00:00
f8be5f6ade
Fix overlooked files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
16799db69a
update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
e91d7c5d68
Update comment to mention IAR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 10:36:38 +00:00
960b7ebbcf
move psk check to EE message on client side
early_data extension is sent in EE. So it should not be checked in SH message.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:18 +08:00
82fd6c11bd
Add selected key and ciphersuite check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
ce3b95e2c9
move ticket version check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
454dda3e25
fix various issues
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:28:43 +08:00
9ba640d318
Simplify use of __has_builtin
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:34:02 +00:00
90c8ac2205
Add case for MSVC
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:24 +00:00
64bdeb89b9
Use non-empty definition for fallback
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:04 +00:00
52e7052b6c
tidy up comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:26:44 +00:00
3e5cc175e0
Reduce code size in mbedtls_cipher_validate_values
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
6d2c1b3748
Restructure mbedtls_cipher_validate_values
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
fb24a8425a
Introduce MBEDTLS_ASSUME
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 17:59:56 +00:00
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00
29daf4a36b
tls13: server: fully check ticket_flags with available kex mode.
We need to fully check if the provided session ticket could be used in the handshake, so that we wouldn't cause handshake failure in some cases. Here we bring f8e50a9 back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral key exchange mode, two tickets, the first one is allowed only for pure PSK key exchange mode and the second one is psk_ephemeral only. We need to select the second ticket instead of the first one whose ticket_flags forbid psk_ephemeral and thus cause a handshake failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 09:34:14 +08:00
b06d701f56
Merge pull request #8406 from beni-sandu/aesni
AES-NI: use target attributes for x86 32-bit intrinsics
2023-10-30 17:01:06 +00:00
3857bad9a2
Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
2023-10-30 15:29:26 +00:00
467271dede
ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:40:32 +01:00
1ebb6cd68d
ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols
These are used in tests to determine whether there is support for one of those keys for CBC mode.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
cfb23b8090
tls13: server: parse pre_shared_key only when some psk is selectable
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-30 15:26:26 +08:00
800f2b7c02
AES-NI: use target attributes for x86 32-bit intrinsics
This way we build with 32-bit gcc/clang out of the box.
We also fall back to assembly for 64-bit clang-cl if needed cpu flags are not provided, instead of throwing an error.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
2023-10-27 17:02:22 +01:00
36fe8b9f4b
psa_crypto_cipher: add guard for unused variable
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:13:33 +02:00
1e21f26d88
psa_crypto_cipher: add helper to validate PSA cipher values
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:13:33 +02:00
4a249828a8
psa_crypto_cipher: add mbedtls_cipher_values_from_psa()
This commit splits mbedtls_cipher_info_from_psa() in 2 parts:
- mbedtls_cipher_values_from_psa() that performs parameters' validation and returns the cipher's values
- mbedtls_cipher_info_from_psa() which then uses those values to return the proper cipher_info pointer. Of course this depends on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
2c2adedd82
psa_crypto_aead: add guard for CIPHER_C dependency
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
71c14f1db6
write early data indication in EE msg
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-27 10:52:49 +08:00
985c967a14
tls13: add more checks for server early data
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-27 10:52:27 +08:00
51328162e6
Merge pull request #8374 from sergio-nsk/sergio-nsk/8372/2
Fix compiling AESNI in Mbed-TLS with clang on Windows
2023-10-26 21:21:01 +00:00
2db1e354e3
Merge pull request #8408 from daverodgman/iar-fix-aes
Fix MBEDTLS_MAYBE_UNUSED for IAR
2023-10-26 15:53:11 +00:00
b3d0ed2e6e
Merge pull request #8303 from valeriosetti/issue6316
Add test component with all ciphers and AEADs accelerated only
2023-10-26 15:53:10 +00:00
257f6dd57d
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
Fixes #8422
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-10-26 14:04:34 +01:00
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
TLS 1.3: EarlyData SRV: Add early data extension parser.
2023-10-26 08:31:53 +00:00
bbc46b4cc2
cipher: improve code readability in mbedtls_cipher_setup()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-26 09:00:21 +02:00
d1c4fb07ee
Support older IAR versions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 15:07:35 +01:00
79a02de79f
cipher: check that ctx_alloc_func is not NULL before calling it
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
a6c0761c43
cipher_wrap: fix guards for GCM/CCM AES
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
e86677d0c3
pkparse: fix missing guards for pkcs5/12 functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
d69d3cda34
Merge pull request #8298 from daverodgman/sha-armce-thumb2
Support SHA256 acceleration on Armv8 thumb2 and arm
2023-10-24 21:23:15 +00:00