Manuel Pégourié-Gonnard
0950359220
Improve "abstraction layers" section
...
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079
Explain compile-time incompatibilities
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356
Expand discussion of goals
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1
Complete discussion of RSASSA-PSS
...
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.
Commands used to observe default values of saltlen:
openssl genpkey -algorithm rsa-pss -out o.key
openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt
certtool --generate-privkey --key-type rsa-pss --outfile g.key
certtool --generate-self-signed --load-privkey g.key --outfile g.crt
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4
Add data about RSA-PSS test files
...
Data gathered with:
for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
grep '^ Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
grep '^ Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
grep '^ Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
Unfortunately there is no record of how these files have been generated.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0
Add temporary list of tasks for G1 and G2
...
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.
These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8
Document PSA limitations that could be problems
...
(WIP: the study of RSA-PSS is incomplete.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146
Document the general strategy for PSA migration
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494
Document test strategy for USE_PSA_CRYPTO
...
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d
Add study for TLS/X.509 dependencies on crypto
...
This is an updated version of the study that was done a few years ago.
The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:13:00 +01:00
Archana
21b20c72d3
Add Changelog and update documentation
...
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
c08248d650
Rename the template file from .conf to .jinja
...
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
a8939b6da3
Restructure scripts' folder alignment
...
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:57:15 +05:30
Archana
1f1a34a226
Rev 1.0 of Driver Wrappers code gen
...
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:22:06 +05:30
Ronald Cron
b1822efe22
docs: TLS 1.3: Improve wording
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:28:13 +01:00
Ronald Cron
7aa6fc1992
docs: TLS 1.3: Update prototype upstreaming status
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
653d5bc781
docs: TLS 1.3: Swap prototype upstreaming status and MVP definition
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
43ffc9d659
docs: TLS 1.3: Update TLS 1.3 documentation file name
...
Update TLS 1.3 documentation file name and its
overview section.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
0abf07ca2c
Make PSA crypto mandatory for TLS 1.3
...
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Dave Rodgman
d7c091060f
Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision
...
TLS1.3: Edit docs to explain not changing curve order.
2021-12-07 11:01:04 +00:00
Paul Elliott
cce0f5a085
Fix typo
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-03 16:13:30 +00:00
Paul Elliott
c0d335bc1e
Second draft of explanation
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 16:38:05 +00:00
Paul Elliott
fe08944246
Fix spelling error
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:55:53 +00:00
Paul Elliott
89c8e098ee
Convert tabs to spaces
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:54:52 +00:00
Paul Elliott
66491c7d08
Edit docs to explain not changing curve order
...
TLS1.3 MVP would benefit from a different curve group preference order
in order to not cause a HelloRetryRequest (which are not yet handled),
however changing the curve group preference order would affect both
TLS1.2 and TLS1.3, which is undesirable for something rare that can
be worked around.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-29 10:39:44 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Andrzej Kurek
e3ed82473a
Fix duplicate variable name in getting_started.md
...
Rename the key id variables to not clash with the raw key data.
This was introduced in cf56a0a3
.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-19 13:40:20 +01:00
Manuel Pégourié-Gonnard
9a7cf9a196
Merge pull request #5045 from gilles-peskine-arm/rm-PSACryptoDriverModelSpec-development
...
Remove the old driver model specification draft
2021-10-29 09:36:15 +02:00
Dave Rodgman
c8aaac89d0
Fix naming examples in TLS 1.3 style guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-10-18 13:00:51 +01:00
Gilles Peskine
4086159910
Remove obsolete specification draft
...
See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer
instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:14:01 +02:00
Manuel Pégourié-Gonnard
0729885c2b
Merge pull request #4963 from ronald-cron-arm/tls13-mvp
...
Define TLS 1.3 MVP and document coding rules
2021-09-29 10:32:49 +02:00
Ronald Cron
7fc96c1a57
Fix test description
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-28 16:29:04 +02:00
Ronald Cron
fb877215b5
Fix supported signature documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-28 16:29:04 +02:00
Ronald Cron
8ee9ed6785
Fix and improve the documentation of supported groups
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-28 16:28:58 +02:00
Ronald Cron
f164b6a7ff
Add an overview section
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
847c3580b8
Expend coding rules
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
3e7c4036b4
Miscellaneous improvements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:09 +02:00
Ronald Cron
fecda8ddb4
Improve the description of common macros usage
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:48:02 +02:00
Ronald Cron
99733f0511
Amend vector variables
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
b194466e99
Amend TLS 1.3 prefix
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
72064b30cf
Fix usage of backticks
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
660c723b09
Add paragraph about expected quality
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
7a7032a4ba
Remove out of MVP scope items
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
c3b510f096
Amend supported groups and signatures based on spec 9.1 section
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:37 +02:00
Ronald Cron
3160d70049
Add comments about key_share and supported_versions support
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 15:39:29 +02:00
Ronald Cron
85e51083d8
Add support for server_name extension
...
Section 9.2 of the specification defines server_name
extension as mandatory if not specified otherwise by
an application profile. Thus add its support to the
MVP scope.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:39 +02:00
Ronald Cron
004df8ad5f
Improve comment about handshake failure with HRR and CertificateRequest
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:39 +02:00
Ronald Cron
1fa5088c0b
Improve comment about PSK TLS 1.3 configuration options
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:42:27 +02:00
Ronald Cron
023987feef
Use GitHub table format
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 12:05:28 +02:00
Ronald Cron
def52c36e5
Remove obscure comment about TLS 1.3 renegotiation config option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 12:03:55 +02:00
Manuel Pégourié-Gonnard
13841cb719
Mention areas that are not (well) tested.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 11:43:14 +02:00
Manuel Pégourié-Gonnard
9155b0e396
Clarify that 1.3 is excluded
...
Don't mention "TLS 1.2 only" for PSK, as that could give the impression
that the other things about TLS are supported beyond 1.2, which isn't
the case currently.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 10:17:07 +02:00
Manuel Pégourié-Gonnard
ca9101739a
Improve wording and fix some typos.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 10:14:32 +02:00
Manuel Pégourié-Gonnard
d3ac4a9a8a
Clarify wording of "not covered" section
...
The section is about things that are not covered, but some lists are
about things that are covered, which was very confusing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-24 10:06:04 +02:00
Manuel Pégourié-Gonnard
1e07869381
Fix inaccuracy in key exchange summary
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-22 10:11:53 +02:00
Ronald Cron
3785c907c7
Define TLS 1.3 MVP and document coding rules
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-21 16:16:56 +02:00
Manuel Pégourié-Gonnard
73a0e1da0d
Document parts not covered by USE_PSA_CRYPTO
...
Also, remove the section about design considerations for now. It's
probably more suitable for a developer-oriented document that would also
include considerations about possible paths for the future, which would
better be separated from user documentation (separating the certain that
is now, from the uncertain that might or might not be later).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-21 13:55:00 +02:00
Manuel Pégourié-Gonnard
1b08c5f042
Document current effects of USE_PSA_CRYPTO
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-21 12:59:26 +02:00
Manuel Pégourié-Gonnard
13b0bebf7d
Add docs/use-psa-crypto.md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-21 12:59:25 +02:00
Gilles Peskine
8ec3c8f015
Do not require test data to be in the repository
...
What matters is that we validate that test data is not removed. Keeping the
test data is the most obvious way, but not the only way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
b91f81a55b
Discuss lifetimes, in particular persistence levels
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
77f8e5cb59
Add considerations on key material representations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
d131e400f0
Clarification: forward and backward compatibility
...
The import-and-save and load-and-check parts of the tests don't have to be
actually the same test cases.
Introduce the terms “forward compatibility” and “backward compatibility” and
relate them to import-and-save and load-and-check actions.
These are clarifications of intent that do not represent an intended change
in the strategy or intended coverage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
f31c6c111e
Typo
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Dave Rodgman
8e5020dead
Remove obsolete reference to _ret in migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-07-02 12:16:03 +01:00
Dave Rodgman
7b743193b0
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 20:10:10 +01:00
Dave Rodgman
9637bd30a3
Move subsections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 20:07:57 +01:00
Dave Rodgman
b0e6bb54f9
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 20:03:55 +01:00
Dave Rodgman
26c12eb523
Remove C from code block
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:58:00 +01:00
Dave Rodgman
10963278e7
Mark all code blocks as C
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
a014831732
Add missing backticks
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
7d2ac88f93
Correct hyperlink
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
2482650483
Correct hyperlink
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
2b03457ca5
Improve wording
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
b4d15b1556
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
8128b69ffe
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
715966862d
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
507827e75a
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
68547187f6
Move subsections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
897a95f46c
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
3f66943bdd
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
2d05e0f440
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
aa1fba2fed
Move subsection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
7018053460
Reorder subsections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
28701c63cb
Fix grammatical error
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
ce53b3afd6
Remove reference to removed item
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:13:24 +01:00
Dave Rodgman
9d3417845c
Add backticks where needed
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 19:12:32 +01:00
Dave Rodgman
2e1e623d33
Correct hyperlink syntax
...
Co-authored-by: Tomasz Rodziewicz <40165497+TRodziewicz@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 17:58:10 +01:00
Dave Rodgman
6753a775b8
Fix grammatical error
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 17:15:28 +01:00
Dave Rodgman
26ad6c7ea7
Fix typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 17:14:01 +01:00
Dave Rodgman
8d91ceb19d
Remove empty 3.0-migration-guide.d
...
This is now captured in 3.0-migration-guide.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 16:56:59 +01:00
Dave Rodgman
92170cc3e1
Add general cross-reference for low/high-level crypto
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 14:53:23 +01:00
Dave Rodgman
c936bbb15a
Make blank lines before sections consistent
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 14:53:23 +01:00
Dave Rodgman
b1c6b4a7a5
Add cross-reference
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 14:53:16 +01:00
Dave Rodgman
a3758208ae
Move sub-sections to more appropriate places
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 14:17:03 +01:00
Dave Rodgman
4ea5643046
Change some section names
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 14:16:22 +01:00
Dave Rodgman
d462ca1f72
Fix typos
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 11:26:08 +01:00
Dave Rodgman
a54c16805e
Improve wording relating to removal of MBEDTLS_ERR_SSL_BAD_HS_XXX
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 11:11:07 +01:00
Dave Rodgman
a5a3cce49b
Add link between sections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 11:06:58 +01:00
Gilles Peskine
a481052407
Add migration guide and changelog entry for MBEDTLS_PRIVATE
...
We forgot those in #4511 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-30 11:06:40 +01:00
Dave Rodgman
e4ec84631b
Fix typos
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:52:40 +01:00
Dave Rodgman
b491b2b051
Add SSL error code updates from #4724
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:49:30 +01:00
Dave Rodgman
7078973b7b
Improve wording
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
4a5d3c08c6
Fix typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
30dc603958
Reorder sections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
d8a1017abf
add section headings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
36bb5ff6e3
minor updates
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
d267ec361d
Add formatting codes to level 3 headings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
a0e8db09ac
Change headings to level 3 to enable use of sections
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
949c21b336
Minor updates to migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
1cb2331495
Remove line that got into the wrong place
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
7b0c4dea59
Fix missing part of sentence
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
759c0109f2
Fix errors in migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
1aea40427f
Add a very short summary
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
e45e6401af
Re-order to put some more significant items at the top
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:34:02 +01:00
Dave Rodgman
8cccbe11df
Update the migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 09:33:59 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
...
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
...
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
9cd7065307
No other headers are included by mbedtls_config.h
...
These have been moved to build_info.h. Update the documentation to
reflect this.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 14:29:42 +01:00
Hanno Becker
2fc9a652bc
Address review feedback
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
2e3ecda684
Adust migration guide for SSL error codes
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Bence Szépkúti
dbf5d2b1a7
Improve the instructions in the migration guide
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:41 +01:00
Bence Szépkúti
1b2a8836c4
Correct documentation references to Mbed TLS
...
Use the correct formatting of the product name in the documentation.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:19 +01:00
Bence Szépkúti
60c863411c
Remove references to MBEDTLS_USER_CONFIG_VERSION
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
36da4ccc51
Update changelog and migration guide
...
This reflect changes to the config version symbols.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
8d9132f43c
Fix typo
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
90b79ab342
Add migration guide and changelog
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
dba968f59b
Realign Markdown table
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4
Rename config.h to mbedtls_config.h
...
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Gilles Peskine
f00f152444
Add output size parameter to signature functions
...
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.
No change to RSA because for RSA, the output size is trivial to calculate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
...
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
...
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
...
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3
PK signature function: require exact hash length
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:41 +02:00
Dave Rodgman
5ec5003992
Document the return type change in the migration guide
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard
e7885e5441
RSA: Require hashlen to match md_alg when applicable
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0
...
Update the default hash and curve selection for X.509 and TLS
2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
...
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
...
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
TRodziewicz
f41dc7cb35
Removal of RC4 certs and fixes to docs and tests
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-21 13:27:29 +02:00
Hanno Becker
7e6c178b6d
Make key export callback and context connection-specific
...
Fixes #2188
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
d5c9cc7c90
Add migration guide for modified key export API
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0
...
Implement 3.0-API for SSL session resumption
2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
...
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
...
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
Thomas Daubney
ac84469dd1
Modifies Migration Guide entry
...
Commit makes corrections to Migration Guide
entry for this task.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 14:08:56 +01:00
Thomas Daubney
379227cc59
Modifies ChangeLog and Migration Guide
...
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 10:46:12 +01:00
Gilles Peskine
39957503c5
Remove secp256k1 from the default X.509 and TLS profiles
...
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 23:17:52 +02:00
Gilles Peskine
ec78bc47b5
Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide
...
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
6b1f64a150
Wording clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00