Commit graph

1091 commits

Author SHA1 Message Date
Tom Cosgrove
6d62faca8e Only include psa_pake_setup() and friends if some PAKE algorithms are required
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-12 12:36:24 +01:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs
Init PSA in ssl and x509 programs
2023-04-28 12:49:11 +02:00
JonathanWitthoeft
2a878a85a6
Adjust ChangeLog
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 19:00:46 -05:00
JonathanWitthoeft
9b265180cc
Make mbedtls_ecdsa_can_do definition unconditional
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 16:09:28 -05:00
Przemek Stekiel
6cec5e9d9e Add changelog entry (PSA initialization in sample programs)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:03:30 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
2023-04-17 15:41:25 +02:00
harshal.patil
8c77644906 ecdsa: fix -missing-prototypes warning when MBEDTLS_ECDSA_SIGN_ALT is defined
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
  only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.

Signed-off-by: harshal.patil <harshal.patil@espressif.com>
2023-04-17 12:53:00 +05:30
Eugene K
3208b0b391 add IP SAN tests changes per mbedTLS standards
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
2023-04-11 08:29:42 -04:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing
Add missing md.h includes
2023-04-11 09:32:17 +02:00
Ronald Cron
4d31496294 Update TLS 1.3 documentation and add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Andrzej Kurek
468a99ed0b Add a changelog entry
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-06 03:04:15 -04:00
toth92g
d96027acd2 Correcting documentation issues:
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
3a3a756431 adding missing newline at the end of changelog file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 10:55:29 +02:00
Valerio Setti
0a7ff791a6 add Changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 09:18:41 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function
Add milliseconds platform time function
2023-03-31 11:47:37 +01:00
Andrzej Kurek
9fa1d25aeb Add changelog entry for directoryname SAN
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:38:47 -04:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Manuel Pégourié-Gonnard
a71594538f Add a ChangeLog entry for driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Przemek Stekiel
ebfeb172ee Add change log entry (j-pake user/peer accept any values)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Paul Elliott
dbe435cda0 Assemble Changelog for 3.4.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:46:10 +00:00
Tom Cosgrove
4903139bc4 Add security entry to ChangeLog for AES-NI
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:43:40 +00:00
Tom Cosgrove
a9c58584be Add security entry to ChangeLog for AES-CE
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:42:17 +00:00
Paul Elliott
e214827347 Add TLS1.2 Opaque ECJPAKE changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-22 15:03:32 +00:00
Valerio Setti
89029e7366 changelog: fix description for ECDH changes
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
8427b56d71 added changelog for accelerated ECDH changes
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Paul Elliott
1b5957165a Add Changelog for PSA to Mbed TLS error translation unification
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 16:38:31 +00:00
Tom Cosgrove
c4d759b697 Update AESCE changelog entry
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 16:31:18 +00:00
Tom Cosgrove
dcc0ee1a1e Update changelog entry, splitting into two sections
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 15:52:20 +00:00
Jerry Yu
8d3fa9bd7b Add changelog entry for #6932 and #7203
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-21 15:52:08 +00:00
Paul Elliott
3201f56952 Rename misnamed changelog entries
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:46:33 +00:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Manuel Pégourié-Gonnard
e9a60224fd Add ChangeLog entry for driver-only EC J-PAKE
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-20 10:03:55 +01:00
Yanray Wang
b46ccf235c fix line length of ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-20 12:41:10 +08:00
Dave Rodgman
f992e6fe38 Changelog for AESCE support
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:38 +00:00
Dave Rodgman
8a7ed6951d Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:58:11 +08:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Gilles Peskine
74b4223c81 Announce the expanded AESNI support
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:50:15 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Demi Marie Obenour
889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Janos Follath
0086f8626a Add changelog entry
PR7083 silently fixed a security vulnerability in public, this commit
adds a changelog entry for it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-15 13:31:48 +00:00
Dave Rodgman
a94c90d30d
Merge pull request #7282 from gilles-peskine-arm/changelog-6567-psa_key_derivation_abort-no-other_secret
Add changelog entry for a bug in non-PAKE code fixed during PAKE work
2023-03-15 09:27:33 +00:00