Manuel Pégourié-Gonnard
70a1b6d828
Fix typos
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
a31ddb98dc
Fix and simplify TLS hash dependency declarations
...
Fixes #6441
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
bb21c5afa7
Use helper macros for hashes in check_config.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5cd4b6403b
Use MD-light in entropy.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Valerio Setti
4059aba353
accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
d3f0b9e78c
ecdhe: fix guards for accelerated ECDHE key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Paul Elliott
f1eb5e2a04
Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard
49e67f814f
PKCS5: always use MD
...
As a consequence, MD_C is now enabled in component accel_hash_use_psa.
Fix guards in X.509 info function to avoid this causing a failure now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db
RSA: always use MD light
...
Note: already auto-enabled in build_info.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4
PKCS12: always use MD light
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e
ECJPAKE: always use MD light
...
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
534d64d67e
MD no longer depends on a built-in hash
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
...
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Valerio Setti
5d1f29e700
ssl_tls: fix guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
...
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
...
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Gilles Peskine
dd6021caf1
Remove the dependency of MBEDTLS_AESNI_C on MBEDTLS_HAVE_ASM
...
AESNI can now be implemented with intrinsics.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 16:51:40 +01:00
Valerio Setti
82b484ecbc
ecjpake: fix guards for driver only builds
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 08:21:44 +01:00
Dave Rodgman
b599562033
Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234
...
Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems
2023-03-15 09:04:44 +00:00
Jan Bruckner
151f64283f
Add parsing for Record Size Limit extension in TLS 1.3
...
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Manuel Pégourié-Gonnard
439dbc5c60
Fix dependency for TLS 1.3 as well
...
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.
Also update docs/use-psa-crypto.md accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8
Fix dependencies of 1.2 ECDSA key exchanges
...
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...
Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Tom Cosgrove
94e841290d
Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it
...
Fixes #7234
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-09 17:17:42 +00:00
Valerio Setti
1470ce3eba
fix typos
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:50:12 +01:00
Valerio Setti
30c4618970
Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Dave Rodgman
05b80a4eee
Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation
...
Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds
2023-03-03 09:56:51 +00:00
Gilles Peskine
6def41b146
Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail
...
Replace CPU modifier check with file scope target cpu modifiers
2023-03-02 15:36:41 +01:00
Gilles Peskine
7d3186d18a
Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration
...
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200 ).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-01 19:47:23 +01:00
Jerry Yu
1ae2b2f034
Improve code style
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:37:12 +08:00
Jerry Yu
35f2b26fd8
move cpu modifier flags check to source file
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-15 11:58:48 +08:00
Jerry Yu
b3b85ddf4a
Disable macro conflict check
...
It cause full configuration test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:54 +08:00
Jerry Yu
2fddfd7f8f
Add AESCE confige options
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:51 +08:00
Jerry Yu
38257491aa
Add milliseconds time function
...
We provide windows and posix implementation for it.
With MBEDTLS_PLATFORM_MS_TIME_ALT, user can provide
their own implementation.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-12 18:01:14 +08:00
Jerry Yu
eba0ab5db2
Add million seconds time type.
...
From RFC8446, the unit of ticket age is million seconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-12 18:01:14 +08:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
...
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Valerio Setti
8e45cdd440
fix wrong dependency for X509_TRUSTED_CERTIFICATE_CALLBACK
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 09:33:38 +01:00
Valerio Setti
a4bb0fabea
check_config: add missing dependencies for the build without BIGNUM
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
...
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
...
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Valerio Setti
a3f99591f6
sha: make SHA-224 independent from SHA-256
...
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:56:54 +01:00
Valerio Setti
43363f5962
sha: make SHA-384 independent from SHA-512
...
Using proper configuration options (i.e. MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512
independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
...
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
ad45c4d386
Document that ECP_RESTARTABLE depends on ECP_C
...
This is not new, it had always been the case, just not documented.
Pointed out by depends.py pkalgs (again, now that restartable is part of
full).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
...
Add code style correction script
2022-12-09 09:41:14 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
...
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
David Horstmann
1b84781184
Disable code style correction in check_config.h
...
Code style correction currently messes up check_names.py
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 16:09:17 +00:00
Manuel Pégourié-Gonnard
ad27b8074f
Declare ECP_RESTARTABLE and USE_PSA compatible
...
This is only the beginning:
- some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh
will be fixed in the next few commits;
- then the interactions between those options will be documented and
tested.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 11:05:28 +01:00
Jerry Yu
12c46bd14f
fix various issues
...
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Jerry Yu
16f6853b05
Add max_early_data_size config option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00