AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16,565 Commits 1 Branch 0 Tags 61 MiB
e45e6401af
Commit Graph

346 Commits

Author SHA1 Message Date
Dave Rodgman
e45e6401af Re-order to put some more significant items at the top 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
8cccbe11df Update the migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:33:59 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 
Add output size parameter to signature functions
 2021-06-29 09:43:17 +02:00
Bence Szépkúti
9cd7065307 No other headers are included by mbedtls_config.h 
These have been moved to build_info.h. Update the documentation to
reflect this.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 14:29:42 +01:00
Hanno Becker
2fc9a652bc Address review feedback 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
2e3ecda684 Adust migration guide for SSL error codes 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Bence Szépkúti
dbf5d2b1a7 Improve the instructions in the migration guide 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:41 +01:00
Bence Szépkúti
1b2a8836c4 Correct documentation references to Mbed TLS 
Use the correct formatting of the product name in the documentation.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:19 +01:00
Bence Szépkúti
60c863411c Remove references to MBEDTLS_USER_CONFIG_VERSION 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
36da4ccc51 Update changelog and migration guide 
This reflect changes to the config version symbols.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
8d9132f43c Fix typo 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
90b79ab342 Add migration guide and changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
dba968f59b Realign Markdown table 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h 
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:33 +01:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions 
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation 
Require matching hashlen in RSA functions: implementation
 2021-06-24 10:28:20 +02:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad 
Enable multiple calls to mbedtls_gcm_update_ad
 2021-06-23 19:36:23 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 
Implement modified key export API for Mbed TLS 3.0
 2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3 PK signature function: require exact hash length 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 18:39:41 +02:00
Dave Rodgman
5ec5003992 Document the return type change in the migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard
e7885e5441 RSA: Require hashlen to match md_alg when applicable 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 
Update the default hash and curve selection for X.509 and TLS
 2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext 
Remove truncated HMAC extension
 2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 
Remove MD2, MD4, RC4, Blowfish and XTEA
 2021-06-22 09:27:41 +02:00
TRodziewicz
f41dc7cb35 Removal of RC4 certs and fixes to docs and tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-21 13:27:29 +02:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific 
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
d5c9cc7c90 Add migration guide for modified key export API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0 
Implement 3.0-API for SSL session resumption
 2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory 
Make blinding mandatory
 2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test 
Move part of timing module out of the library
 2021-06-18 16:35:58 +01:00
Thomas Daubney
ac84469dd1 Modifies Migration Guide entry 
Commit makes corrections to Migration Guide
entry for this task.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-18 14:08:56 +01:00
Thomas Daubney
379227cc59 Modifies ChangeLog and Migration Guide 
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-18 10:46:12 +01:00
Gilles Peskine
39957503c5 Remove secp256k1 from the default X.509 and TLS profiles 
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 23:17:52 +02:00
Gilles Peskine
ec78bc47b5 Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide 
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
6b1f64a150 Wording clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
b1940a76ad In TLS, order curves by resource usage, not size 
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
3758fd6b79 Changelog entry and migration guide for hash and curve profile upgrades 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:14 +02:00
Thomas Daubney
50afb4378f Adds Migration guide 
Commit adds a migraiton guide entry that was
missing.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-17 09:23:41 +01:00
Manuel Pégourié-Gonnard
8707259318 Improve ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
e6e51aab55 Add ChangeLog and migration guide entries 
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:38:38 +02:00
Mateusz Starzyk
bd513bb53d Enable multiple calls to mbedtls_gcm_update_ad. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-16 14:34:09 +02:00
TRodziewicz
15a7b73708 Documentation rewording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53 Addition of ChangeLog and migration guide entry files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd 
Rename the _ret() functions
 2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1 Addition of the migration guide and change log files 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard
8cad2e22fc
Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0 
Lighten and test constraints on context types in alternative implementations
 2021-06-15 12:12:46 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 00:18:32 +02:00
Gilles Peskine
cadd3d860e Give examples of PLATFORM_XXX_ALT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00