yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
17062 commits 1 branch 0 tags 94 MiB
Commit graph

571 commits

Author SHA1 Message Date
Ronald Cron
57864faf84
Merge pull request #4634 from Patater/mbed-can-do-timing 
config: Allow Mbed to implement TIMING_C
 2021-06-11 09:14:13 +02:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options 
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
 2021-06-10 17:43:36 +02:00
Manuel Pégourié-Gonnard
8323244ca3 Add ChangeLog entry about RSA side channel. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-10 13:30:07 +02:00
Jaeden Amero
197496af69 config: Allow Mbed to implement TIMING_C 
Mbed OS now provides POSIX-like time functions, although not alarm() nor
signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so
we should not artificially prevent this in check-config. Remove the the
check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS.

Note that this limitation originally was added in the following commit,
although there isn't much context around why the restriction was
imposed: 63e7ebaaa1 ("Add material for generating yotta module"). In
2015, Mbed OS was quite a different thing: no RTOS, no threads, just an
asynchronous event loop model. I'd suppose the asynchronous event loop
model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS,
but that is no longer the case.

Fixes #4633

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
 2021-06-09 13:47:27 +01:00
TRodziewicz
b8367380b1 Addition of the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:28:16 +02:00
TRodziewicz
1e66642d68 Addition of change log and migration guide files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 11:25:28 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version 
Document minimum tool versions for 3.0
 2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option 
Remove MBEDTLS_CHECK_PARAMS option
 2021-06-08 09:30:48 +02:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev 
Fix misuse of MD API in SSL constant-flow HMAC
 2021-06-07 20:53:33 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Dave Rodgman
f21e4621f8 Changelog entry for updated tool versions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Chris Kay
d259e347e6 Add CMake package config file 
This change enables automatic detection and consumption of Mbed TLS
library targets from within other CMake projects. By generating an
`MbedTLSConfig.cmake` file, consuming projects receive a more complete
view of these targets, allowing them to be used as dependencies which
properly inherit the transitive dependencies of the libraries.

This is fairly fragile, as it seems Mbed TLS's libraries do not appear
to properly model their dependencies on other targets, including
third-party dependencies. It is, however, sufficient for building and
linking the compiled Mbed TLS libraries when there are no third-party
dependencies involved. Further work is needed for more complex
use-cases, but this will likely meet the needs of most projects.

Resolves #298. Probably useful for #2857.

Signed-off-by: Chris Kay <chris.kay@arm.com>
 2021-06-04 16:02:48 +01:00
Gilles Peskine
5b0589e9ab Fix non-constant-time comparison in mbedtls_mpi_random 
Calling mbedtls_mpi_cmp_int reveals the number of leading zero limbs
to an adversary who is capable of very fine-grained timing
measurements. This is very little information, but could be practical
with secp521r1 (1/512 chance of the leading limb being 0) if the
adversary can measure the precise timing of a large number of
signature operations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-04 14:47:24 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0 
Fix non-uniform random generation in a range
 2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option 
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
 2021-06-04 10:02:59 +02:00
Gilles Peskine
9367f4b1d9 Add changelog entry for non-uniform MPI random generation 
Fix #4245.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
fdc58c1e8b Changelog entry for adding mbedtls_mpi_random() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Manuel Pégourié-Gonnard
84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls 
Static initialize comb table
 2021-06-03 11:41:54 +02:00
kXuan
782c2b9f36
fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-03 15:47:40 +08:00
Thomas Daubney
adb93d732f Adds ChangeLog entry 
Commit adds required ChangeLog entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-02 13:45:57 +01:00
Manuel Pégourié-Gonnard
1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs 
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
 2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard
df77624ab5
Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options 
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
 2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard
1b3b27cbb0
Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites 
Remove 3DES ciphersuites
 2021-06-02 11:01:42 +02:00
Gilles Peskine
fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed 
Clarify multi-part AEAD calling sequence in Cipher module
 2021-06-01 12:04:19 +02:00
TRodziewicz
f059e74a22 Re-wording ChangeLog and reverting overzealous removal from config.h 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-01 11:17:07 +02:00
Manuel Pégourié-Gonnard
c01b87b820 Fix some typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-01 09:40:53 +02:00
kXuan
22fc906d57
Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-01 14:01:59 +08:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard
ee57ebe553 Add ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-31 12:25:01 +02:00
TRodziewicz
3670e387dc Remove 3DES ciphersuites 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:11:53 +02:00
Manuel Pégourié-Gonnard
daae68d9b2
Merge pull request #4565 from mpg/fixup-changelog-4495-4286 
Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry
 2021-05-31 11:37:04 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config 
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
 2021-05-31 10:03:56 +02:00
TRodziewicz
dee975af7d Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option 
Remove define

Add ChangeLog file and migration guide entry

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-28 15:27:01 +02:00
Hanno Becker
934ab00f77 Minor improvement of ChangeLog wording 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-28 09:52:54 +01:00
Hanno Becker
196739b478 Change wording in documentation of PSK configuration 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-28 05:33:14 +01:00
TRodziewicz
062f353804 Changes after code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:34:14 +02:00
TRodziewicz
caf2ae04b8 ChangeLog and migration guide added. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:33:51 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions 
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
 2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix 
psa: Support RSA signature without MBEDTLS_GENPRIME
 2021-05-27 14:19:24 +02:00
TRodziewicz
5c251c6a5e Add the ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:36:40 +02:00
TRodziewicz
5e3c398de2 A small change in ChangeLog just to restart Travis build 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:19:14 +02:00
TRodziewicz
e8dd7097c3 Combine MBEDTLS_SSL_<CID-TLS1_3>_PADDING_GRANULARITY options 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:19:08 +02:00
Manuel Pégourié-Gonnard
c87a07de90 Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry 
- Removing MBEDTLS_SSL_RECORD_CHECKING has nothing to do with TLS 1.0,
TLS 1.1 and DTLS 1.0. It has been included here as a consequence of an
unfortunate typo in the description of 4286. Actually, this macro was
removed independently and we already have a ChangeLog entry about it:
ChangeLog.d/issue4361.txt

- While at it, remove the word "deprecated": these macros and functions
had not been documented as deprecated in any version of the library
before being removed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-26 10:38:59 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0 
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
 2021-05-25 20:32:40 +02:00
Thomas Daubney
731b952b69 Additional corrections to ChangeLog 
Commit makes further corrections to the
wording in the ChangeLog entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-25 16:26:24 +01:00
Thomas Daubney
6f966112c7 Corrections to ChangeLog and Migration guide 
Corrections to address wording of ChangeLog
and Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-25 15:00:19 +01:00
Gilles Peskine
0e1f05d34b Changelog entry for the ARIA_ALT and CAMELLIA_ALT fixes 
Fix ARMmbed/mbed-os#14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 15:33:14 +02:00
TRodziewicz
9d1ce40898 Additional corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 14:07:17 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz
d807060e0a Addition of migration guide and corrections to the ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:50:51 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:12 +02:00
Thomas Daubney
2fbbe1d2fe Corrections to ChangeLog and Migration guide 
This commit fixes typos and re-words
the migration guide. It also adds
the issue number to the ChangeLog.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-24 10:53:57 +01:00
Hanno Becker
fb1add76fd Don't use markdown formatting in ChangeLog 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Hanno Becker
24628b69be Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Thomas Daubney
62b0d1dbc8 Adds ChangeLog and Migration guide entry 
Commit adds relevant entry to the
ChangeLog and to the
Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-21 17:05:12 +01:00
Ronald Cron
f823722af4
Merge pull request #4532 from gilles-peskine-arm/host_test-int32-3.0 
Fix build error in host_test.function when int32_t is not int
 2021-05-21 16:02:28 +02:00
Janos Follath
7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 
Add session ID as an explicit parameter to SSL session cache API
 2021-05-21 09:28:55 +01:00
Manuel Pégourié-Gonnard
59c4412767
Merge pull request #4497 from netfoundry/fix-mingw-build-development 
Use proper formatting macros when using MinGW provided stdio
 2021-05-21 10:03:26 +02:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive 
Modify config option for SHA384.
 2021-05-21 08:04:33 +02:00
Jaeden Amero
424fa93efd psa: Support RSA signature without MBEDTLS_GENPRIME 
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
 2021-05-20 17:08:59 +01:00
Gilles Peskine
e913174c8a
Merge pull request #4543 from gilles-peskine-arm/undefined-reference-3.0 
Fix missing compilation guard around psa_crypto_driver_wrappers.c
 2021-05-20 17:20:31 +02:00
Ronald Cron
49fef37ebf
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length 
GCM: allow arbitrary lengths for update
Only the ABI-API-checking job failed and this is expected thus good to go.
 2021-05-20 15:08:55 +02:00
Mateusz Starzyk
17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive 
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
 2021-05-20 14:18:12 +02:00
Gilles Peskine
eb30b0cc39 Merge remote-tracking branch 'upstream-public/development' into no-generated-files-3.0 
Conflicts: generated files that are removed in this branch and have
changed in development. Resolved by keeping the files removed.
 2021-05-20 10:40:48 +02:00
Gilles Peskine
383339c1f1 Changelog entry for the requirement to generate source files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-20 10:37:22 +02:00
Manuel Pégourié-Gonnard
729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy 
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
 2021-05-20 09:19:55 +02:00
Gilles Peskine
1905a24488 Fix missing compilation guard around psa_crypto_driver_wrappers.c 
Fix #4411.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-19 21:06:01 +02:00
Manuel Pégourié-Gonnard
2213871654
Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING 
Remove  ssl record checking
 2021-05-19 13:57:51 +02:00
Ronald Cron
0e3ec27598
Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512 
Change sha256 and sha512 output type from an array to a pointer
 2021-05-19 12:37:17 +02:00
Mateusz Starzyk
d9a4c73c99 Add changelog entries for MBEDTLS_SHA224_C and MBEDTLS_SHA384_C. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-19 12:36:24 +02:00
Gilles Peskine
f09a66dd78
Merge pull request #4526 from gilles-peskine-arm/pr_4510-changelog 
Add changelog entry for #4510
 2021-05-19 11:58:03 +02:00
Mateusz Starzyk
86ead6aba3 Add changelog entries for SHA1 and SHA384 ciphersuites bugfixes. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-19 11:56:06 +02:00
Manuel Pégourié-Gonnard
5ca21db813 Fix misuse of MD API in SSL constant-flow HMAC 
The sequence of calls starts-update-starts-update-finish is not a
guaranteed valid way to abort an operation and start a new one. Our
software implementation just happens to support it, but alt
implementations may very well not support it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-19 10:33:40 +02:00
Gilles Peskine
a7a4306adf Fix build error when int32_t is not int 
Fix a pointer mismatch when int32_t is not int, for example on Cortex-M where
in32_t is long int. Fix #4530

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-18 16:43:43 +02:00
Gilles Peskine
e7e958b1f1
Merge pull request #4393 from gilles-peskine-arm/generate-tests-python3-make-2.x 
Use Python 3 instead of Python 2 to generate test files
 2021-05-18 13:30:36 +02:00
Hanno Becker
ea620864ac Fix formatting of changelog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-18 08:36:36 +01:00
Hanno Becker
217715d32b Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-18 05:28:53 +01:00
Gilles Peskine
3eac612650 Add changelog entry for #4510 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-17 22:18:35 +02:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len 
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
 2021-05-17 16:36:04 +02:00
Manuel Pégourié-Gonnard
5605911fd3
Merge pull request #4447 from hanno-arm/ssl_config_cleanup 
Avoid and remove some SSL error codes for Mbed TLS 3.0
 2021-05-17 10:55:17 +02:00
Hanno Becker
9067148918 Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 20:13:57 +01:00
Hanno Becker
59b97bbe06 Fixup glitch in ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:12:15 +01:00
Hanno Becker
a808ec3f0d Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:10:15 +01:00
TRodziewicz
95f8f22c27 Migration guide added and ChangeLog clarified 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-14 14:07:51 +02:00
Gilles Peskine
d7b3d92476 Change sha256 output type from an array to a pointer 
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-13 00:46:29 +02:00
Gilles Peskine
e02e02f203 Change sha512 output type from an array to a pointer 
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-13 00:32:45 +02:00
eugene
b46d1a74f9 fix changelog entry 
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
 2021-05-12 14:36:24 -04:00
eugene
e42a50da04 use proper formatting macros when using MinGW provided stdio 
add changelog entry

Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
 2021-05-12 12:59:30 -04:00
Ronald Cron
7dbcc3c794
Merge pull request #4470 from d3zd3z/fix-posix-define 
Check if feature macro is defined before define it
 2021-05-12 15:47:12 +02:00
TRodziewicz
102c89ed65 Remove the MBEDTLS_SSL_RECORD_CHECKING option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-12 13:28:59 +02:00
David Brown
803d3e4c70 Add changelog for posix definition 
Signed-off-by: David Brown <david.brown@linaro.org>
 2021-05-11 12:44:40 -06:00
Mateusz Starzyk
72f60dfcc1 Remove MBEDTLS_TEST_NULL_ENTROPY config option. 
Building the library without entropy sources negates any and all security
provided by the library.
This option was originally requested a relatively long time ago and it
does not provide any tangible benefit for users any more.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-11 13:15:19 +02:00
David Horstmann
95d516f319 Remove MBEDTLS_SSL_MAX_CONTENT_LEN option 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-05-10 17:02:48 +01:00
Gilles Peskine
015109b066 Changelog entry for the removal of config-psa-crypto.h in 3.0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-10 10:36:37 +02:00
Manuel Pégourié-Gonnard
b548cda1cf
Merge pull request #4397 from TRodziewicz/change_config_h_defaults 
Four config.h defaults have been changed.
 2021-05-07 12:42:39 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder 
Remove deprecated functions and constants.
 2021-05-07 10:05:30 +02:00
Gilles Peskine
e0de27729e Changelog entry for no longer explicitly invoking python2 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-06 11:35:18 +02:00
TRodziewicz
c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-06 00:53:22 +02:00
Gilles Peskine
275b9b2ef4
Merge pull request #4402 from mpg/migration-guide-3.0 
Migration guide for 3.0
 2021-05-05 14:30:39 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites 
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
 2021-05-04 17:20:36 +02:00
Ronald Cron
d5d04962ef Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-05-04 15:59:10 +02:00
Manuel Pégourié-Gonnard
759f551010 Add a missing ChangeLog entry 
Was missed in https://github.com/ARMmbed/mbedtls/pull/4324

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Gilles Peskine
59d97a16d6
Merge pull request #4437 from gilles-peskine-arm/aes2crypt-removal-2.x 
Remove the sample program aescrypt2
 2021-04-30 11:15:22 +02:00
TRodziewicz
85dfc4de20 Applying current changes 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-29 23:12:19 +02:00
Ronald Cron
1a85d3b122
Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt 
Allow CMAC self-test to skip tests for unsupported primitives (2)
 2021-04-29 16:04:39 +02:00
Gilles Peskine
85f023b007
Merge pull request #3950 from gilles-peskine-arm/dhm_min_bitlen-bits 
Enforce dhm_min_bitlen exactly
 2021-04-29 14:55:30 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased 
Reduce ROM usage due to X.509 info
 2021-04-28 17:31:55 +01:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development 
Add macro to check error code additions/combinations
 2021-04-28 16:47:29 +02:00
Tomasz Rodziewicz
e66f49c3ce
Merge branch 'development_3.0' into change_config_h_defaults 2021-04-28 16:37:27 +02:00
Gilles Peskine
98b3cd6b23 Remove the sample program aescrypt2 
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.

Fix #1906

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-28 15:57:30 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size 
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
 2021-04-28 13:30:40 +02:00
Bence Szépkúti
da95ef9ae0 Remove PSA AEAD output size compatibility macros 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-04-28 10:01:20 +02:00
Ronald Cron
3e7481e6a2
Merge pull request #4219 from stevew817/fix_missing_parenthesis 
Add missing parenthesis when MBEDTLS_ECP_NORMALIZE_MXZ_ALT is declared

@mpg comment has been addressed thus this can be merged.
 2021-04-28 08:35:00 +02:00
Hanno Becker
54dcf5e6c9 Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-27 17:20:56 +01:00
Dave Rodgman
0c37b4f826 Improve changelog entry for #4217 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-27 17:01:24 +01:00
Bence Szépkúti
58d8518eb1 Update changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-04-27 04:41:43 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs 
Merge development_3.0 into development
 2021-04-26 19:48:16 +01:00
TRodziewicz
87bfa20f1c Removing trailing space from ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-26 20:08:53 +02:00
Dave Rodgman
10ba553c2e Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-26 16:23:22 +01:00
Dave Rodgman
ddb8ea6847 Fix Changelog entry 
Rename a Changelog.d file, so that it gets picked up as expected by
scripts/assemble_changelog.py.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-26 16:23:21 +01:00
Dave Rodgman
a00e8502c9 Documentation updates for Mbed TLS 3.0 
Update documentation to reflect the branch changes.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-26 16:23:21 +01:00
TRodziewicz
ede3085563 Add ChangeLog file and fix comment in config.h 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-26 15:44:25 +02:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys 
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS

Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
 2021-04-23 09:40:31 +02:00
Steven Cooreman
894b9c4635 Add documentation for change in CMAC self-test behaviour 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-04-23 08:19:43 +02:00
Tomasz Rodziewicz
9a97a13d3e
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-22 12:53:15 +02:00
Manuel Pégourié-Gonnard
f6b677ea98
Merge pull request #4349 from mpg/apply-4334-3.0 
Apply 4334 to development-3.0
 2021-04-22 12:42:40 +02:00
Tomasz Rodziewicz
7bdbc45275
Update issue4283.txt 
Corrections in the ChangeLog file after a review.
 2021-04-21 16:50:15 +02:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-21 11:05:00 +02:00
Manuel Pégourié-Gonnard
1cc91e7475
Merge pull request #4366 from gilles-peskine-arm/development_3.0-merge_2.x-20210419 
Merge development 2.x into 3.0 (Apr 19)
 2021-04-19 13:08:48 +02:00
Manuel Pégourié-Gonnard
16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h 
Remove deprecated things from crypto_compat.h and dependent tests.
 2021-04-19 10:55:21 +02:00
Gilles Peskine
ee259130e4 Merge branch 'development' into development_3.0 
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
 2021-04-19 10:51:59 +02:00
Manuel Pégourié-Gonnard
0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix 
Fix ECDSA failing when the hash is all-bits-zero
 2021-04-19 09:54:12 +02:00
Mateusz Starzyk
bf4c4f9cd5 Reword changelog entry for removal of SHA-1 
from the default TLS configuration.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-16 18:39:10 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-16 18:39:10 +02:00
Mateusz Starzyk
a17fb8eac8 Fix line lenghts in changelog entry for removal of old TLS features. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-16 10:32:17 +02:00
Gilles Peskine
295fc13ef3 Split mbedtls_gcm_update_ad out of mbedtls_gcm_starts 
The GCM interface now has separate functions to start the operation
and to pass the associated data.

This is in preparation for allowing the associated data to be passed
in chunks with repeatated calls to mbedtls_gcm_update_ad().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 21:34:33 +02:00
Gilles Peskine
a56c448636 Add output length parameters to mbedtls_gcm_update 
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output length parameter to
mbedtls_gcm_update() to allow such implementations to delay the output
of partial blocks. With the software implementation, there is no such
delay.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 21:34:33 +02:00
Gilles Peskine
9461e45a17 Add output parameter to mbedtls_gcm_finish 
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output parameter to
mbedtls_gcm_finish() to allow such implementations to pass the final
partial block back to the caller. With the software implementation,
this final output is always empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 18:41:38 +02:00
Gilles Peskine
441907ec30 Remove alignment requirement for mbedtls_gcm_update: documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 18:41:38 +02:00
Bence Szépkúti
8072db2fcb Add changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-04-15 17:32:16 +02:00
Steven Cooreman
5be864f645 Add changelog for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-04-15 15:06:52 +02:00