yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29689 commits 1 branch 0 tags 94 MiB
Commit graph

1420 commits

Author SHA1 Message Date
Gilles Peskine
d39edead25 Changelog entry for #7298 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:07:01 +02:00
Manuel Pégourié-Gonnard
ef89fb80d7 Fix ChangeLog entry for FFDH in PSA 
It was jumping directly to "driver support" and omitting the first step
of "PSA support".

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-29 12:26:47 +02:00
Manuel Pégourié-Gonnard
c9d9b1fdb1 Update ChangeLog for ECC.BN EPIC 
Actually not much to change there, from a high level perspective things are
quite simple: you used to be able to disable ECP_C, now you can disable
BIGNUM_C too.

There will be more to update in driver-only-build.md which is the right
place for a more detailed explanation of the limitations.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:51:51 +02:00
Dave Rodgman
e614129895 Update padding const-time fix changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-27 16:27:50 +01:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016 
driver-only ECC: curve acceleration macros
 2023-09-27 14:39:02 +00:00
Manuel Pégourié-Gonnard
bdc678f910 Add ChangeLog entry for change in driver config API 
While this was arguably a bug as much as it is a change, I'm choosing
the "API changes" section in order to give this more visibility as it
seems likely to "break" (that is, compile in the built-implementation
when it isn't desired) the build of some people who were relying on the
old behaviour by not declaring which curves were accelerated (as most of
our tests did before this PR).

Said otherwise, as a user, I expect that most of the time "Bugfix" is
for things that were not working and are now working, but here
interested users are more likely to see it as "previously doing what I
want, but now no longer doing what I want unless I make changes to my
code". (Though of course there's no clear distinction, see xkcd 1172.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-27 10:53:44 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Minos Galanakis
c91d847e0d ChangeLog: Adjusted the updated_windows_apis log 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
7afebccf69 ChangeLog.d: Added mininum required Windows version. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
e960365957 ChangeLog.d: Reworded updated_windows_apis.txt. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
8792717309 Changelog: Removed entry from root file 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:21 +01:00
Dave Rodgman
76059e5ef8
Merge pull request #1078 from daverodgman/padding-ct-changelog 
Padding ct changelog
 2023-09-25 14:02:42 +01:00
Manuel Pégourié-Gonnard
1f61b7b8ea Document driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:46 +02:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
d162c662b0 Update changelog text 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 16:33:12 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Waleed Elmelegy
38202a2b18 Improve pkparse test dependencies and changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 15:21:10 +01:00
Dave Rodgman
c3cb97896b Changelog for padding CT fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 10:26:52 +01:00
Gilles Peskine
efaee9a299 Give a production-sounding name to the p256m option 
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 20:49:47 +02:00
Waleed Elmelegy
8d83b05ee0 Add changelog entry for switching pkparse to new pbe functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Gilles Peskine
452beb9076
Merge pull request #8203 from gilles-peskine-arm/p256-m-production 
Declare p256-m as ready for production
 2023-09-20 09:36:05 +00:00
Gilles Peskine
faf0b8604a mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher 
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c Adjust cipher tests to new requirement of specifying padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-18 17:41:25 +01:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun 
Add new pkcs12 pbe2 ext fun
 2023-09-15 18:43:03 +02:00
mcagriaksoy
7f84471a60 Adding changelog for log level message fix 
Signed-off-by: mcagriaksoy <mcagriaksoy@yandex.com>
 2023-09-14 22:43:08 +02:00
Waleed Elmelegy
50888643f4 Reduce line size in new pkcs function changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-14 18:27:17 +01:00
Gilles Peskine
528ec901ab Add a changelog entry for p256-m 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-13 15:41:23 +02:00
Waleed Elmelegy
0684965f5a Modify changelog entry to add pkcs12 pbe functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-13 13:35:16 +01:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 
Accept numericoid hexstring x509
 2023-09-13 08:54:33 +00:00
Waleed Elmelegy
2b143c67a4 Add changelog entry for checking set_padding() before cipher_finish() 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-12 16:20:35 +01:00
Dave Rodgman
1a1b03bfb4
Merge pull request #1024 from daverodgman/safer-ct-changelog 
Changelog for safer constant-time
 2023-09-12 10:59:14 +01:00
Dave Rodgman
7fda906a68
Merge pull request #8161 from gilles-peskine-arm/config-boolean-options-wrong-section-202309 
Fix module configuration options in mbedtls_config.h
 2023-09-11 15:08:56 +00:00
Yanray Wang
3caaf0c61e Enable CIPHER_ENCRYPT_ONLY when DES is disabled 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-11 10:10:44 +08:00
Dave Rodgman
26923c7e49 Add missing hyphen 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 10:45:34 +01:00
Dave Rodgman
241a80b717 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 10:21:18 +01:00
Dave Rodgman
3fc3ae708e wip 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 10:21:18 +01:00
Dave Rodgman
d441a14f38 Add reference to x86 asm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 10:21:18 +01:00
Dave Rodgman
cd1de6350e Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-08 10:21:18 +01:00
Yanray Wang
9b811658a8 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-09-07 16:18:00 +08:00
Gilles Peskine
d65ea42262 Fix some TLS 1.3 settings that were required in mbedtls_config.h 
Mbed TLS can be configured by writing a configuration file from scratch,
without copying mbedtls_config.h. As a consequence, all the macro
definitions in mbedtls_config.h must be optional. This was not the case for
some MBEDTLS_SSL_TLS1_3_xxx macros with numerical values related to session
tickets. Fix that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:10:35 +02:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun 
Add new pkcs5 pbe2 ext fun
 2023-09-04 15:33:42 +02:00
Dave Rodgman
16a76721b6
Merge pull request #8068 from paul-elliott-arm/fix_tls_zeroization 
Fix TLS pad buffer zeroization
 2023-09-01 23:35:23 +00:00
Tom Cosgrove
02ad791f29
Merge pull request #8116 from gilles-peskine-arm/config_psa-changelog-3.5 
Announce that #7420 is fixed
 2023-09-01 13:53:44 +00:00
Paul Elliott
83ae22dbbd Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-01 14:29:04 +01:00
Yanray Wang
a6757765c0 Add ChangeLog entry for MBEDTLS_CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 18:37:38 +08:00
Paul Elliott
6ebe7d2e3a
Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name 
Coverity fix: Set `type_id` in `x509_get_other_name()`
 2023-08-31 16:26:00 +00:00
Dave Rodgman
730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Waleed Elmelegy
4ac8619282 Improve mbedtls_pkcs5_pbes2_ext changelog description 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-29 14:56:15 +01:00
Gilles Peskine
2a296729d0
Merge pull request #8084 from AgathiyanB/remove-type-qualifier-in-assignment-casts 
Remove type qualifier in assignment casts
 2023-08-24 18:02:11 +00:00
Gilles Peskine
ef483255db Announce that #7420 is fixed 
This is part of a bigger issue https://github.com/Mbed-TLS/mbedtls/issues/7609
which is still pending since there are still configurations that are not
handled correctly. However https://github.com/Mbed-TLS/mbedtls/issues/7420
itself was fixed by https://github.com/Mbed-TLS/mbedtls/pull/7611.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-23 18:08:45 +02:00
Agathiyan Bragadeesh
7d20138385 Add Changelog entry for DN changes 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-23 15:46:29 +01:00
Agathiyan Bragadeesh
1515f351a1 Remove IAR warning fixes to 2.28 from changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 15:24:38 +01:00
Agathiyan Bragadeesh
c5eb13d2a9 Reword IAR changelog for fixing compiler warnings 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 15:13:04 +01:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare 
Prepare to split config_psa.h
 2023-08-22 07:30:46 +00:00
David Horstmann
43f7602fcc Fixup incorrectly-formatted ChangeLog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-21 17:34:45 +01:00
Gilles Peskine
7b7ecf5e0d Fix condition to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE 
Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an
editorial mistake when adding it: it's meant as an addition to
MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same
conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:09:14 +02:00
Tom Cosgrove
d29648026b
Merge pull request #8017 from ivq/unchecked_return 
Fix a few unchecked return values
 2023-08-21 13:02:53 +00:00
Yanray Wang
edbab91bf8 pkwrite.c: write ChangeLog accurately 
The heap memory is used for both RSA and EC keys. So removing `RSA`
in the ChangeLog.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-21 15:17:46 +08:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode 
AES: Add accelerator only mode
 2023-08-18 20:55:44 +00:00
David Horstmann
1923c91e15 Add ChangeLog entry for otherName SAN fixes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-18 19:36:42 +01:00
Waleed Elmelegy
1a89170f8d Add changelog entry for new mbedtls_pkcs5_pbe2_ext function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 16:00:58 +01:00
Agathiyan Bragadeesh
48eae138a5 Fix formatting in changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 14:08:47 +01:00
Agathiyan Bragadeesh
2c018744e5 Add newline at end of changelog 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 14:00:10 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation 
PBKDF2 CMAC implementation
 2023-08-17 11:15:16 +00:00
Agathiyan Bragadeesh
da8c587531 Add ChangeLog entry 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-17 09:37:46 +01:00
Yanray Wang
0882828b51 pkwrite: add Changelog entry 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-17 15:05:26 +08:00
Gilles Peskine
a4c01dd6e9
Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack 
rsa_signature: Use heap memory to allocate DER encoded RSA private key
 2023-08-16 09:23:29 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn 
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
 2023-08-16 09:19:46 +00:00
Dave Rodgman
f97eb58e51 Fix Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-14 15:19:23 +01:00
Dave Rodgman
b8f23b9cfb Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-14 14:28:23 +01:00
Paul Elliott
83c2e321d9 Add changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-08-11 17:04:06 +01:00
Chien Wong
a4c477becd
Add changelog entry 
Signed-off-by: Chien Wong <m@xv97.com>
 2023-08-11 18:19:15 +08:00
Manuel Pégourié-Gonnard
91c8372c01
Merge pull request #6999 from ivq/ecp_doc 
Doc: Add note on special use of A in ecp group structure
 2023-08-10 08:24:05 +00:00
Chien Wong
a559c05a5b
Add changelog 
Signed-off-by: Chien Wong <m@xv97.com>
 2023-08-09 21:49:58 +08:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier 
Fixed x509 certificate generation to conform to RFCs when using ECC key
 2023-08-07 19:14:54 +00:00
Dave Rodgman
3b5e8aa05c
Merge pull request #8023 from daverodgman/changelog-warning-fixes 
Clarify changelog not needed for compiler warnings
 2023-08-07 10:56:04 +01:00
Dave Rodgman
003a5e1ca7
Merge pull request #1046 from Mbed-TLS/merge_3.4.1 
Merge 3.4.1
 2023-08-03 18:23:37 +01:00
Dave Rodgman
a0fc9987da Merge branch 'development' into merge_3.4.1 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-03 15:56:59 +01:00
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size 
Enforce minimum key size when generating RSA key size
 2023-08-03 12:57:52 +00:00
Gilles Peskine
ce64156f6d
Merge pull request #8021 from daverodgman/master-update 
Sync development with accidental merge directly onto master
 2023-08-02 13:30:35 +00:00
Dave Rodgman
1de02049e4 Clarify changelog not needed for compiler warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-02 13:01:14 +01:00
Gilles Peskine
82c159fb54 Prepare changelog for release 
```
./scripts/assemble_changelog.py
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-02 12:51:01 +02:00
Gilles Peskine
a256fd8f94 Write changelog entry for the test data update 
We normally don't mention test updates in the changelog, but this one
explains why we're making a patch release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-02 12:49:07 +02:00
Gilles Peskine
267bee9be8
Merge pull request #7903 from valeriosetti/issue7773 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
 2023-08-02 10:16:44 +00:00
Dave Rodgman
7f17bd09cc Merge remote-tracking branch 'origin/master' into master-update 2023-08-02 10:57:07 +01:00
Jerry Yu
6943681820 Improve error message and documents 
- fix grammar error
- Add more information for AES_USE_HARDWARE_ONLY
- Improve error message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:03 +08:00
Jerry Yu
9e3e3dd45b Fix code-style too-long line fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:02 +08:00
Jerry Yu
4dfbb2e747 add changelog entry 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:01 +08:00
Waleed Elmelegy
d7bdbbeb0a Improve naming of mimimum RSA key size generation configurations 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 14:50:09 +00:00
Sarvesh Bodakhe
430a4f3968 rsa_signature: Use heap memory to allocate DER encoded RSA private key 
'mbedtls_pk_psa_rsa_sign_ext' function allocates a buffer of maximum
size 5679 bytes (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES) on the stack to store
DER encoded private key. This increased stack usage significantly for
RSA signature operations when MBEDTLS_PSA_CRYPTO_C is defined.

This issue was discovered when adding support for EAP-TLS 1.3 (rfc9190).

Signed-off-by: Sarvesh Bodakhe <sarvesh.bodakhe@espressif.com>
 2023-07-27 14:51:25 +05:30
Valerio Setti
dfed278218 changelog: fix errors/typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 10:57:55 +02:00
Gilles Peskine
7ef14bf8a2
Merge pull request #7835 from gilles-peskine-arm/ssl_premaster_secret-empty-3.4 
Fix empty union when TLS is disabled
 2023-07-27 08:28:21 +00:00
Valerio Setti
4b36c59d42 ChangeLog: improving descriptions of KEY_PAIR changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Manuel Pégourié-Gonnard
1c739ec277
Merge pull request #7900 from mpg/doc-driver-only 
ECPf wrap-up
 2023-07-26 10:25:54 +02:00
Gilles Peskine
5647d06be8
Merge pull request #7518 from gilles-peskine-arm/psa_inject_entropy-file-stability 
Fix and test MBEDTLS_PSA_INJECT_ENTROPY
 2023-07-21 17:37:15 +02:00
Gilles Peskine
2387bdab0f
Merge pull request #1038 from Mbed-TLS/development 
Merge development into development-restricted
 2023-07-21 15:40:36 +02:00
Thomas Daubney
8907815866 Added ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-07-18 18:29:46 +01:00
Ronald Cron
e501d0e71e Add change log and non-regression test 
Add change log and non-regression test
for CCM* with no tag not supported in
CCM only configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:53:20 +02:00
Marek Jansta
044a98aaa3 Updated changelog 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-07-12 17:15:38 +02:00
Dave Rodgman
f3e488ec40
Merge pull request #7216 from lpy4105/issue/6840/add-getters-for-some-fields 
Add getters for some fields
 2023-07-10 17:14:11 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem 
tls13: server: Fix spurious HRR
 2023-07-10 09:58:13 +02:00
Pengyu Lv
5a3f5f450c Add changelog entries 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 13:25:28 +08:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines 
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
 2023-07-07 17:01:57 +01:00
Manuel Pégourié-Gonnard
a787c0f986 Add Changelog for driver-only ECC so far 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-07 17:09:14 +02:00
Manuel Pégourié-Gonnard
d38ee855eb Add ChangeLog entry for PK_OPAQUE extensions 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-07 17:09:14 +02:00
Ronald Cron
c75ff730cd Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-07 15:53:34 +02:00
Andrzej Kurek
b8c784cdba Changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-07 09:05:41 -04:00
David Horstmann
2d3ba07bf4 Add ChangeLog entry for CMake config defines 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-07 11:25:40 +01:00
Dave Rodgman
1917ee7cd1
Merge pull request #7867 from gilles-peskine-arm/readme-python3.8 
Officially require Python 3.8
 2023-07-07 09:58:15 +01:00
Tom Cosgrove
836aed7cf8
Merge pull request #6003 from gstrauss/x509_time 
mbedtls_x509_time performance and reduce memory use
 2023-07-06 09:28:14 +01:00
Dave Rodgman
c8d81ad54d
Merge pull request #7784 from daverodgman/aesce-unroll 2023-07-04 18:41:13 +01:00
Kusumit Ghoderao
5168bd5f0f Add changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Gilles Peskine
958346917c Officially require Python 3.8 
Our code is still compatible with Python 3.5 at the time of writing, but we
don't want to commit to that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-03 17:59:37 +02:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes 
Fix AES dependencies - build TF-M config cleanly
 2023-07-03 16:49:00 +01:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Tom Cosgrove
c4a760c538
Merge pull request #7849 from davidhorstmann-arm/fix-string-to-names-retcode 
Fix false success return code in `mbedtls_x509_string_to_names()`
 2023-06-30 14:28:29 +01:00
Dave Rodgman
c23d2222ea
Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix 
Fix crypt_and_hash decrypt issue when used with stream cipher
 2023-06-30 11:42:35 +01:00
Dave Rodgman
90282149fa fix trailing whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:29:27 +01:00
Dave Rodgman
6bed2dabc1 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 10:00:23 +01:00
David Horstmann
582b7cf0d4 Add ChangeLog entry for string_to_names() fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 15:38:02 +01:00
Dave Rodgman
9f4fd28eff
Merge pull request #7808 from daverodgman/fix-ct-compile-warning 
Fix for arm64_32 (aka ILP32) on Clang
 2023-06-27 15:23:14 +01:00
Gilles Peskine
e8e1e157cb Fix empty union when TLS is disabled 
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-25 21:41:58 +02:00
Dave Rodgman
140fa15a7f Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-21 12:36:52 +01:00
Dave Rodgman
517e891e55 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-21 11:16:42 +01:00
Gilles Peskine
fd235bc9df Fix very high stack usage in SSL debug code 
Use a switch instead of an array. The array was very hollow for some enum
types such as mbedtls_ssl_protocol_version (which formerly used small
values, but switched to using the protocol encoding as enum values in Mbed
TLS 3.2.0). Optimizing compilers know how to compile a switch into a lookup
table when the range warrants it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-20 17:48:18 +02:00
Marek Jansta
8bde649c0b Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-06-19 12:49:27 +02:00
Dave Rodgman
418843ed64 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 15:27:23 +01:00
Valerio Setti
01951f01ad changelog: added entries for explaining changes of this PR 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes 
PBKDF2: Output bytes
 2023-06-16 10:08:02 +02:00
Dave Rodgman
3650a60586 Update changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:56:15 +01:00
Gilles Peskine
8c2f18dac2
Merge pull request #7738 from davidhorstmann-arm/fix-iar-typo 
Fix typo in CMakeList.txt in IAR compiler flags
 2023-06-15 19:24:00 +02:00
David Horstmann
ff4b6a8d18 Reword changelog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-15 14:08:19 +01:00
Dave Rodgman
2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf 
AES perf improvements
 2023-06-15 12:10:06 +01:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Gilles Peskine
6966141561 Changelog entry for the MBEDTLS_CIPHER_BLKSIZE_MAX deprecation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
SlugFiller
daa363b4d3
Add changelog entry 
Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com>
 2023-06-14 05:42:12 +03:00
Waleed Elmelegy
3bc6feae89 Add crypt_and_hash decrypt issue to Changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-06-12 17:37:23 +01:00
Dave Rodgman
12d89741bf Improve phrasing 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-11 16:29:54 +01:00
Dave Rodgman
5a46dfae2c Changelog for SHA-384 max block size bug 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-11 16:23:02 +01:00
Dave Rodgman
0e22597871 Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 17:23:20 +01:00
Glenn Strauss
4b2a6e8df3 Reuse time when verifying certificate chain 
Replace mbedtls_x509_time_is_past(), mbedtls_x509_time_is_future()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-06-09 17:01:03 +01:00
Glenn Strauss
416dc03467 mbedtls_x509_time_cmp() compare mbedtls_x509_time 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-06-09 17:01:03 +01:00
Tom Cosgrove
ef2aa0ecad Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c 
If we're built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
way to detect the crypto extensions required, the code turns off _IF_PRESENT
and falls back to C only (with a warning). This was done after the attributes
are pushed, and the pop is done only #if defined(xxx_IF_PRESENT), so this
commit fixes that.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-06-09 11:29:50 +01:00
Gilles Peskine
95b43a04a9
Merge pull request #7651 from daverodgman/fix-armclang-compile-fail 
Fix armclang compile fail
 2023-06-08 14:36:18 +02:00
Kusumit Ghoderao
e5dd11164a Edit changelog 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:43:32 +05:30
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Dave Rodgman
cf4d2bdc09 Spell as SHA-3 not SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:08:09 +01:00
Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string 
Parse an OID from a string
 2023-06-06 20:57:17 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
f0d5df0c88 Add changelog entry (FFDH in TLS 1.3) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Kusumit Ghoderao
354434c466 Add changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:47 +05:30
Gilles Peskine
5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification 
Add partial support for URI SubjectAltNames verification
 2023-06-05 16:46:47 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans 
Add a possibility to generate certificates with a Subject Alternative Name
 2023-06-05 15:38:38 +02:00
Dave Rodgman
4db4d6b9b0 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-04 20:41:24 -04:00
Dave Rodgman
49bd1f2cb2 Fix spelling in Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-02 10:31:49 -04:00
Manuel Pégourié-Gonnard
0b68784053
Merge pull request #7577 from mprse/ffdh_drivers 
FFDH 3b: add driver testing (no TLS 1.3)
 2023-06-01 10:26:08 +02:00
David Horstmann
57b5d22a9e Reword ChangeLog entry for consistency 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-05-31 14:36:41 +01:00
Robin Kastberg
925c9b826d
Create bugfix_iar_typo.txt 
Changelog entry

Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
 2023-05-26 16:06:44 +02:00
Dave Rodgman
1ae50aebb9 Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-25 09:46:34 +01:00
Dave Rodgman
a1f51c213c Fix Changelog formatting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-24 13:02:18 +01:00
Dave Rodgman
a55e12c525 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-24 12:15:26 +01:00
Dave Rodgman
b19b63a639 Changelog update 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-22 19:56:03 +01:00
Dave Rodgman
0805ad10b2 XOR perf improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-19 11:48:10 +01:00
Andrzej Kurek
1bc7df2540 Add documentation and a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Tom Cosgrove
6d62faca8e Only include psa_pake_setup() and friends if some PAKE algorithms are required 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-05-12 12:36:24 +01:00
Przemek Stekiel
ea52e1a43f Add changelog entry (FFDH driver dispatch) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-05-11 12:23:12 +02:00
Andrzej Kurek
199eab97e7 Add partial support for URI SubjectAltNames 
Only exact matching without normalization is supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-10 09:57:19 -04:00
Yanray Wang
463351d824 ChangeLog: remove issue number as this is a new feature 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-10 18:10:03 +08:00
Yanray Wang
a30c72fc44 rewrite ChangeLog 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-10 10:13:39 +08:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids 
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
 2023-05-08 20:38:29 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-05-05 16:01:18 +02:00
Yanray Wang
d9bf370fbe add ChangeLog entry 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 16:28:35 +08:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys 
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
 2023-05-04 13:01:47 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1 
Fix the JPAKE driver interface for user+peer
 2023-05-02 20:42:25 +02:00
Gilles Peskine
672a771227 Fix a build error when MBEDTLS_PSA_INJECT_ENTROPY is enabled 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-28 21:00:28 +02:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs 
Init PSA in ssl and x509 programs
 2023-04-28 12:49:11 +02:00
JonathanWitthoeft
2a878a85a6
Adjust ChangeLog 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-04-26 19:00:46 -05:00
JonathanWitthoeft
9b265180cc
Make mbedtls_ecdsa_can_do definition unconditional 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-04-26 16:09:28 -05:00
David Horstmann
b6ff8a2c4b Add ChangeLog entry for string-to-OID parsing 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-04-26 12:10:36 +01:00
Przemek Stekiel
6cec5e9d9e Add changelog entry (PSA initialization in sample programs) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 08:03:30 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip 
x509 SAN IP parsing
 2023-04-21 22:00:58 +02:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function 
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
 2023-04-17 15:41:25 +02:00
harshal.patil
8c77644906 ecdsa: fix -missing-prototypes warning when MBEDTLS_ECDSA_SIGN_ALT is defined 
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
  only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.

Signed-off-by: harshal.patil <harshal.patil@espressif.com>
 2023-04-17 12:53:00 +05:30
Eugene K
3208b0b391 add IP SAN tests changes per mbedTLS standards 
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
 2023-04-11 08:29:42 -04:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing 
Add missing md.h includes
 2023-04-11 09:32:17 +02:00
Ronald Cron
4d31496294 Update TLS 1.3 documentation and add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Andrzej Kurek
468a99ed0b Add a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-06 03:04:15 -04:00
toth92g
d96027acd2 Correcting documentation issues: 
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622 
Some MAX_SIZE macros are too small when PSA ECC is accelerated
 2023-04-03 16:23:27 +02:00
Valerio Setti
3a3a756431 adding missing newline at the end of changelog file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 10:55:29 +02:00
Valerio Setti
0a7ff791a6 add Changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 09:18:41 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function 
Add milliseconds platform time function
 2023-03-31 11:47:37 +01:00
Andrzej Kurek
9fa1d25aeb Add changelog entry for directoryname SAN 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:38:47 -04:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback 
Mbed TLS 3.4.0
 2023-03-27 18:09:49 +01:00
Manuel Pégourié-Gonnard
a71594538f Add a ChangeLog entry for driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Przemek Stekiel
ebfeb172ee Add change log entry (j-pake user/peer accept any values) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 13:37:18 +01:00