yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16370 commits 1 branch 0 tags 94 MiB
Commit graph

104 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 
Update the default hash and curve selection for X.509 and TLS
 2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 
Remove MD2, MD4, RC4, Blowfish and XTEA
 2021-06-22 09:27:41 +02:00
TRodziewicz
f41dc7cb35 Removal of RC4 certs and fixes to docs and tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-21 13:27:29 +02:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0 
Implement 3.0-API for SSL session resumption
 2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory 
Make blinding mandatory
 2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test 
Move part of timing module out of the library
 2021-06-18 16:35:58 +01:00
Gilles Peskine
39957503c5 Remove secp256k1 from the default X.509 and TLS profiles 
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 23:17:52 +02:00
Gilles Peskine
ec78bc47b5 Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide 
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
6b1f64a150 Wording clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
b1940a76ad In TLS, order curves by resource usage, not size 
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
3758fd6b79 Changelog entry and migration guide for hash and curve profile upgrades 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:14 +02:00
Manuel Pégourié-Gonnard
8707259318 Improve ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
e6e51aab55 Add ChangeLog and migration guide entries 
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:38:38 +02:00
TRodziewicz
15a7b73708 Documentation rewording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53 Addition of ChangeLog and migration guide entry files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd 
Rename the _ret() functions
 2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1 Addition of the migration guide and change log files 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 15:49:20 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 00:18:32 +02:00
TRodziewicz
3946f79cab Correction according to code review (function and param. names change 
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 13:46:21 +02:00
TRodziewicz
8b223b6509 Addition of the migration guide entry file. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:56:33 +02:00
TRodziewicz
1fcd72e93c change log and migr. guide fixes and _DEPRECATED_REMOVED removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:16:06 +02:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options 
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
 2021-06-10 17:43:36 +02:00
TRodziewicz
2a5e5a2759 Correction to the migration guide entry wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 16:54:20 +02:00
TRodziewicz
0ea2576502 Correction to the migr. guide wording and removal of not needed option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
b8367380b1 Addition of the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
1e66642d68 Addition of change log and migration guide files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 11:25:28 +02:00
Ronald Cron
f8abfa8b1b Improve migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-09 10:54:14 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Hanno Becker
61f292ea0a Fix migration guide for now-removed deprecated functions 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 07:50:55 +01:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Manuel Pégourié-Gonnard
84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls 
Static initialize comb table
 2021-06-03 11:41:54 +02:00
kXuan
782c2b9f36
fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-03 15:47:40 +08:00
Manuel Pégourié-Gonnard
1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs 
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
 2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard
df77624ab5
Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options 
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
 2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard
1b3b27cbb0
Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites 
Remove 3DES ciphersuites
 2021-06-02 11:01:42 +02:00
Ronald Cron
3dafa9bda8
Merge pull request #4555 from ronald-cron-arm/m-ccm-api 
Define CCM multi-part API
 2021-06-02 09:56:43 +02:00
Gilles Peskine
fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed 
Clarify multi-part AEAD calling sequence in Cipher module
 2021-06-01 12:04:19 +02:00
Manuel Pégourié-Gonnard
c01b87b820 Fix some typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-01 09:40:53 +02:00
Ronald Cron
f668bd18df Add migration guide for developers of CCM alternative implementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-01 09:07:46 +02:00
kXuan
22fc906d57
Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-01 14:01:59 +08:00
TRodziewicz
231649a020 Changing the migration guide entry wording. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 13:12:16 +02:00
TRodziewicz
4e57f4cdfd Adding removed defines to check_config.h and fixing the migration guide entry. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:58:25 +02:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard
ee57ebe553 Add ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-31 12:25:01 +02:00
TRodziewicz
3670e387dc Remove 3DES ciphersuites 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:11:53 +02:00