Tom Cosgrove
6d62faca8e
Only include psa_pake_setup() and friends if some PAKE algorithms are required
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-12 12:36:24 +01:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Jethro Beekman
0167244be4
Read and write X25519 and X448 private keys
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
...
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs
...
Init PSA in ssl and x509 programs
2023-04-28 12:49:11 +02:00
JonathanWitthoeft
2a878a85a6
Adjust ChangeLog
...
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 19:00:46 -05:00
JonathanWitthoeft
9b265180cc
Make mbedtls_ecdsa_can_do definition unconditional
...
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 16:09:28 -05:00
Przemek Stekiel
6cec5e9d9e
Add changelog entry (PSA initialization in sample programs)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:03:30 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
...
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function
...
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
2023-04-17 15:41:25 +02:00
harshal.patil
8c77644906
ecdsa: fix -missing-prototypes
warning when MBEDTLS_ECDSA_SIGN_ALT
is defined
...
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.
Signed-off-by: harshal.patil <harshal.patil@espressif.com>
2023-04-17 12:53:00 +05:30
Eugene K
3208b0b391
add IP SAN tests changes per mbedTLS standards
...
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
2023-04-11 08:29:42 -04:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing
...
Add missing md.h includes
2023-04-11 09:32:17 +02:00
Ronald Cron
4d31496294
Update TLS 1.3 documentation and add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Andrzej Kurek
468a99ed0b
Add a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-06 03:04:15 -04:00
toth92g
d96027acd2
Correcting documentation issues:
...
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
to avoid malfunction in case of trailing garbage
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
27f9e7815c
Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
...
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
...
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
3a3a756431
adding missing newline at the end of changelog file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 10:55:29 +02:00
Valerio Setti
0a7ff791a6
add Changelog
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 09:18:41 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function
...
Add milliseconds platform time function
2023-03-31 11:47:37 +01:00
Andrzej Kurek
9fa1d25aeb
Add changelog entry for directoryname SAN
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:38:47 -04:00
Paul Elliott
d01a3bca05
Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
...
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Manuel Pégourié-Gonnard
a71594538f
Add a ChangeLog entry for driver-only hashes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Przemek Stekiel
ebfeb172ee
Add change log entry (j-pake user/peer accept any values)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Paul Elliott
dbe435cda0
Assemble Changelog for 3.4.0 release
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:46:10 +00:00
Tom Cosgrove
4903139bc4
Add security entry to ChangeLog for AES-NI
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:43:40 +00:00
Tom Cosgrove
a9c58584be
Add security entry to ChangeLog for AES-CE
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:42:17 +00:00
Paul Elliott
e214827347
Add TLS1.2 Opaque ECJPAKE changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-22 15:03:32 +00:00
Valerio Setti
89029e7366
changelog: fix description for ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
8427b56d71
added changelog for accelerated ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Paul Elliott
1b5957165a
Add Changelog for PSA to Mbed TLS error translation unification
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 16:38:31 +00:00
Tom Cosgrove
c4d759b697
Update AESCE changelog entry
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 16:31:18 +00:00
Tom Cosgrove
dcc0ee1a1e
Update changelog entry, splitting into two sections
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 15:52:20 +00:00
Jerry Yu
8d3fa9bd7b
Add changelog entry for #6932 and #7203
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-21 15:52:08 +00:00
Paul Elliott
3201f56952
Rename misnamed changelog entries
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:46:33 +00:00
Paul Elliott
f1eb5e2a04
Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
...
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
...
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Manuel Pégourié-Gonnard
e9a60224fd
Add ChangeLog entry for driver-only EC J-PAKE
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-20 10:03:55 +01:00
Yanray Wang
b46ccf235c
fix line length of ChangeLog
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-20 12:41:10 +08:00
Dave Rodgman
f992e6fe38
Changelog for AESCE support
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:38 +00:00
Dave Rodgman
8a7ed6951d
Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:58:11 +08:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
...
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Gilles Peskine
74b4223c81
Announce the expanded AESNI support
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:50:15 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
...
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Demi Marie Obenour
889534a4d2
Fix segfault in mbedtls_oid_get_numeric_string
...
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value. This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.
Also check that second and subsequent subidentifiers are terminated, and
add a test case for that. Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Janos Follath
0086f8626a
Add changelog entry
...
PR7083 silently fixed a security vulnerability in public, this commit
adds a changelog entry for it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-15 13:31:48 +00:00
Dave Rodgman
a94c90d30d
Merge pull request #7282 from gilles-peskine-arm/changelog-6567-psa_key_derivation_abort-no-other_secret
...
Add changelog entry for a bug in non-PAKE code fixed during PAKE work
2023-03-15 09:27:33 +00:00