12545 Commits

Author	SHA1	Message	Date
Yanray Wang	f03b49122c	aes.c: guard RSb and RTx properly ... If we enabled AES_DECRYPT_ALT and either AES_SETKEY_DEC_ALT or AES_USE_HARDWARE_ONLY, this means RSb and RTx are not needed. This commit extends how we guard RSb and RTx for the combinations of these configurations. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-09 11:43:21 +08:00
Gilles Peskine	4dec9ebdc2	Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 ... Fixes "CSR parsing with critical fields fails"	2023-11-08 18:07:04 +00:00
Dave Rodgman	0d22539de0	Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr ... Mbed TLS 3.5.1	2023-11-08 18:01:32 +00:00
Ryan Everett	5567e3a34b	Make empty key slots explicit ... Add new status field to key slots, and use it. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2023-11-08 13:28:20 +00:00
Dave Rodgman	28d40930ae	Restore bump version ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:08 +00:00
Yanray Wang	004a60c087	aes.c: remove non-functional code ... Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-08 19:05:31 +08:00
Pengyu Lv	2bd56de3f4	ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros ... MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 14:21:19 +08:00
Pengyu Lv	65458fa969	ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h ... Done by commands: ``` sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 12:16:29 +08:00
Pengyu Lv	829dd2048a	ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c ... Mainly done by the commands, with some manual adjust. ``` sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 12:01:26 +08:00
Pengyu Lv	f1b86b088f	ssl: add macro to indicate CBC mode is available ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:42 +08:00
Pengyu Lv	e870cc8c86	ssl: add macro for available key types ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:36 +08:00
Tom Cosgrove	53199b1c0a	Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed ... TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension	2023-11-07 13:59:13 +00:00
Yanray Wang	4995e0c31b	cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT ... - fix remaining dependency in test_suite_psa_crypto.data Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 17:51:32 +08:00
Tom Cosgrove	4122c16abd	Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination ... TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption	2023-11-07 09:26:21 +00:00
Jerry Yu	7cca7f6820	move ext print to the end of write client hello ... pre_shared_key extension is done at the end. The information should be print after that Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 15:19:13 +08:00
Jerry Yu	1ccd6108e8	Revert "fix miss sent extensions mask" ... This reverts commit 06b364fdfd9a1816abaef3de336a4c701e760b3a. It has been set in write_binders Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:57:44 +08:00
Jerry Yu	7ef9fd8989	fix various issues ... - Debug message - Improve comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:31:37 +08:00
Jerry Yu	2bea94ce2e	check the ticket version unconditional ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:18:17 +08:00
Yanray Wang	0751761b49	max_early_data_size: rename configuration function ... Rename mbedtls_ssl_tls13_conf_max_early_data_size as mbedtls_ssl_conf_max_early_data_size since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:34 +08:00
Yanray Wang	d5ed36ff24	early data: rename configuration function ... Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:24 +08:00
Pengyu Lv	44670c6eda	Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" ... This reverts commit dadeb20383956f6b8654fce1501ab2d572f09058. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-07 09:58:53 +08:00
Dave Rodgman	4b67ac8adf	Merge pull request #8444 from Mbed-TLS/cvv-code-size ... code size for mbedtls_cipher_validate_values	2023-11-06 12:50:37 +00:00
Yanray Wang	0d76b6ef76	Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT ... If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Yanray Wang	de0e2599ad	cipher_wrap.c: remove unnecessary NO_DECRYPT guard for DES ... Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Gilles Peskine	8b6b41f6cd	Merge pull request #8434 from valeriosetti/issue8407 ... [G2] Make TLS work without Cipher	2023-11-04 15:05:00 +00:00
Dave Rodgman	4eb44e4780	Standardise some more headers ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:15:12 +00:00
Dave Rodgman	ce38adb731	Fix header in ssl_tls13_keys.c ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 10:29:25 +00:00
Dave Rodgman	f8be5f6ade	Fix overlooked files ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 20:43:00 +00:00
Dave Rodgman	16799db69a	update headers ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Dave Rodgman	e91d7c5d68	Update comment to mention IAR ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 10:36:38 +00:00
Dave Rodgman	b351d60e99	Merge remote-tracking branch 'origin/development' into msft-aarch64	2023-11-01 13:20:53 +00:00
Jerry Yu	960b7ebbcf	move psk check to EE message on client side ... early_data extension is sent in EE. So it should not be checked in SH message. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:18 +08:00
Jerry Yu	82fd6c11bd	Add selected key and ciphersuite check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:17 +08:00
Jerry Yu	ce3b95e2c9	move ticket version check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:17 +08:00
Jerry Yu	454dda3e25	fix various issues ... - improve output message - Remove unnecessary checks - Simplify test command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:28:43 +08:00
Dave Rodgman	9ba640d318	Simplify use of __has_builtin ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:34:02 +00:00
Dave Rodgman	90c8ac2205	Add case for MSVC ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:27:24 +00:00
Dave Rodgman	64bdeb89b9	Use non-empty definition for fallback ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:27:04 +00:00
Dave Rodgman	52e7052b6c	tidy up comments ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:26:44 +00:00
Dave Rodgman	3e5cc175e0	Reduce code size in mbedtls_cipher_validate_values ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 18:00:01 +00:00
Dave Rodgman	6d2c1b3748	Restructure mbedtls_cipher_validate_values ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 18:00:01 +00:00
Dave Rodgman	fb24a8425a	Introduce MBEDTLS_ASSUME ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 17:59:56 +00:00
Yanray Wang	b67b47425e	Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT ... Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-31 17:22:06 +08:00
Pengyu Lv	dbd1e0d986	tls13: add helpers to check if psk[_ephemeral] allowed by ticket ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 10:17:17 +08:00
Pengyu Lv	29daf4a36b	tls13: server: fully check ticket_flags with available kex mode. ... We need to fully check if the provided session ticket could be used in the handshake, so that we wouldn't cause handshake failure in some cases. Here we bring f8e50a9 back. Example scenario: A client proposes to a server, that supports only the psk_ephemeral key exchange mode, two tickets, the first one is allowed only for pure PSK key exchange mode and the second one is psk_ephemeral only. We need to select the second tickets instead of the first one whose ticket_flags forbid psk_ephemeral and thus cause a handshake failure. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 09:34:14 +08:00
Dave Rodgman	b06d701f56	Merge pull request #8406 from beni-sandu/aesni ... AES-NI: use target attributes for x86 32-bit intrinsics	2023-10-30 17:01:06 +00:00
Tom Cosgrove	3857bad9a2	Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge ... Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME	2023-10-30 15:29:26 +00:00
Valerio Setti	467271dede	ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:40:32 +01:00
Valerio Setti	1ebb6cd68d	ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols ... These are used in tests to determine whether there is support for one of those keys for CBC mode. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:36:32 +01:00
Jerry Yu	06b364fdfd	fix miss sent extensions mask ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 17:18:42 +08:00