mbedtls

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	a6c601c079	Explain compile-time incompatibilities Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	7497991356	Expand discussion of goals Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	e459be2ed1	Complete discussion of RSASSA-PSS Update to latest draft of PSA Crypto 1.1.0: back to strict verification by default, but ANY_SALT introduced. Commands used to observe default values of saltlen: openssl genpkey -algorithm rsa-pss -out o.key openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt certtool --generate-privkey --key-type rsa-pss --outfile g.key certtool --generate-self-signed --load-privkey g.key --outfile g.crt Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	f5ee4b3da4	Add data about RSA-PSS test files Data gathered with: for c in server9.crt; do echo $c; openssl x509 -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done for c in crl-rsa-pss-; do echo $c; openssl crl -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done for c in server9.req.*; do echo $c; openssl req -noout -text -in $c \| grep '^ Signature Algorithm: rsassaPss' -A3 \| sed '1d'; done Unfortunately there is no record of how these files have been generated. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	b902164cf0	Add temporary list of tasks for G1 and G2 Work in progress, some tasks have very explicit definitions and details on how to execute, others much less so; some may need splitting. These documents are temporary anyway, to give a rough idea of the work remaining to reach those goals (both of which we started, but only for some use case so far). Ultimately the result will be actionable and estimated tasks on github. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	d9edd56bf8	Document PSA limitations that could be problems (WIP: the study of RSA-PSS is incomplete.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	b89fd95146	Document the general strategy for PSA migration Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	1b52d09494	Document test strategy for USE_PSA_CRYPTO Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of things that should be tested, as it's taking public key rather than a keypair. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard	0d0a104b2d	Add study for TLS/X.509 dependencies on crypto This is an updated version of the study that was done a few years ago. The script `syms` was used to list symbols form libmbedtls.a / libmbedx509.a that are defined externally. It was run with config.py full minus MBEDTLS_USE_PSA_CRYPTO minus MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-18 09:13:00 +01:00
Archana	21b20c72d3	Add Changelog and update documentation Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	c08248d650	Rename the template file from .conf to .jinja Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	a8939b6da3	Restructure scripts' folder alignment Moved python script generate_driver_wrappers.py under scripts and corresponding template file under script/data_files. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:57:15 +05:30
Archana	1f1a34a226	Rev 1.0 of Driver Wrappers code gen The psa_crypto_driver_wrappers.c is merely rendered with no real templating in version 1.0. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:22:06 +05:30
Ronald Cron	b1822efe22	docs: TLS 1.3: Improve wording Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 14:28:13 +01:00
Ronald Cron	7aa6fc1992	docs: TLS 1.3: Update prototype upstreaming status Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Ronald Cron	653d5bc781	docs: TLS 1.3: Swap prototype upstreaming status and MVP definition Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Ronald Cron	43ffc9d659	docs: TLS 1.3: Update TLS 1.3 documentation file name Update TLS 1.3 documentation file name and its overview section. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Ronald Cron	0abf07ca2c	Make PSA crypto mandatory for TLS 1.3 As we want to move to PSA for cryptographic operations let's mandate PSA crypto from the start. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:22:21 +01:00
Dave Rodgman	d7c091060f	Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision TLS1.3: Edit docs to explain not changing curve order.	2021-12-07 11:01:04 +00:00
Paul Elliott	cce0f5a085	Fix typo Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-03 16:13:30 +00:00
Paul Elliott	c0d335bc1e	Second draft of explanation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-02 16:38:05 +00:00
Paul Elliott	fe08944246	Fix spelling error Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-30 10:55:53 +00:00
Paul Elliott	89c8e098ee	Convert tabs to spaces Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-30 10:54:52 +00:00
Paul Elliott	66491c7d08	Edit docs to explain not changing curve order TLS1.3 MVP would benefit from a different curve group preference order in order to not cause a HelloRetryRequest (which are not yet handled), however changing the curve group preference order would affect both TLS1.2 and TLS1.3, which is undesirable for something rare that can be worked around. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-29 10:39:44 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Andrzej Kurek	e3ed82473a	Fix duplicate variable name in getting_started.md Rename the key id variables to not clash with the raw key data. This was introduced in `cf56a0a3`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-11-19 13:40:20 +01:00
Manuel Pégourié-Gonnard	9a7cf9a196	Merge pull request #5045 from gilles-peskine-arm/rm-PSACryptoDriverModelSpec-development Remove the old driver model specification draft	2021-10-29 09:36:15 +02:00
Dave Rodgman	c8aaac89d0	Fix naming examples in TLS 1.3 style guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-10-18 13:00:51 +01:00
Gilles Peskine	4086159910	Remove obsolete specification draft See https://armmbed.github.io/mbed-crypto/psa/#hardware-abstraction-layer instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-07 19:14:01 +02:00
Manuel Pégourié-Gonnard	0729885c2b	Merge pull request #4963 from ronald-cron-arm/tls13-mvp Define TLS 1.3 MVP and document coding rules	2021-09-29 10:32:49 +02:00
Ronald Cron	7fc96c1a57	Fix test description Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-28 16:29:04 +02:00
Ronald Cron	fb877215b5	Fix supported signature documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-28 16:29:04 +02:00
Ronald Cron	8ee9ed6785	Fix and improve the documentation of supported groups Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-28 16:28:58 +02:00
Ronald Cron	f164b6a7ff	Add an overview section Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:09 +02:00
Ronald Cron	847c3580b8	Expend coding rules Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:09 +02:00
Ronald Cron	3e7c4036b4	Miscellaneous improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:09 +02:00
Ronald Cron	fecda8ddb4	Improve the description of common macros usage Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:48:02 +02:00
Ronald Cron	99733f0511	Amend vector variables Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	b194466e99	Amend TLS 1.3 prefix Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	72064b30cf	Fix usage of backticks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	660c723b09	Add paragraph about expected quality Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	7a7032a4ba	Remove out of MVP scope items Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	c3b510f096	Amend supported groups and signatures based on spec 9.1 section Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:37 +02:00
Ronald Cron	3160d70049	Add comments about key_share and supported_versions support Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 15:39:29 +02:00
Ronald Cron	85e51083d8	Add support for server_name extension Section 9.2 of the specification defines server_name extension as mandatory if not specified otherwise by an application profile. Thus add its support to the MVP scope. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 13:42:39 +02:00
Ronald Cron	004df8ad5f	Improve comment about handshake failure with HRR and CertificateRequest Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 13:42:39 +02:00
Ronald Cron	1fa5088c0b	Improve comment about PSK TLS 1.3 configuration options Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 13:42:27 +02:00
Ronald Cron	023987feef	Use GitHub table format Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 12:05:28 +02:00
Ronald Cron	def52c36e5	Remove obscure comment about TLS 1.3 renegotiation config option Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-27 12:03:55 +02:00
Manuel Pégourié-Gonnard	13841cb719	Mention areas that are not (well) tested. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 11:43:14 +02:00
Manuel Pégourié-Gonnard	9155b0e396	Clarify that 1.3 is excluded Don't mention "TLS 1.2 only" for PSK, as that could give the impression that the other things about TLS are supported beyond 1.2, which isn't the case currently. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 10:17:07 +02:00
Manuel Pégourié-Gonnard	ca9101739a	Improve wording and fix some typos. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 10:14:32 +02:00
Manuel Pégourié-Gonnard	d3ac4a9a8a	Clarify wording of "not covered" section The section is about things that are not covered, but some lists are about things that are covered, which was very confusing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-24 10:06:04 +02:00
Manuel Pégourié-Gonnard	1e07869381	Fix inaccuracy in key exchange summary Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-22 10:11:53 +02:00
Ronald Cron	3785c907c7	Define TLS 1.3 MVP and document coding rules Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-21 16:16:56 +02:00
Manuel Pégourié-Gonnard	73a0e1da0d	Document parts not covered by USE_PSA_CRYPTO Also, remove the section about design considerations for now. It's probably more suitable for a developer-oriented document that would also include considerations about possible paths for the future, which would better be separated from user documentation (separating the certain that is now, from the uncertain that might or might not be later). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 13:55:00 +02:00
Manuel Pégourié-Gonnard	1b08c5f042	Document current effects of USE_PSA_CRYPTO Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 12:59:26 +02:00
Manuel Pégourié-Gonnard	13b0bebf7d	Add docs/use-psa-crypto.md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 12:59:25 +02:00
Gilles Peskine	8ec3c8f015	Do not require test data to be in the repository What matters is that we validate that test data is not removed. Keeping the test data is the most obvious way, but not the only way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	b91f81a55b	Discuss lifetimes, in particular persistence levels Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	77f8e5cb59	Add considerations on key material representations Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	d131e400f0	Clarification: forward and backward compatibility The import-and-save and load-and-check parts of the tests don't have to be actually the same test cases. Introduce the terms “forward compatibility” and “backward compatibility” and relate them to import-and-save and load-and-check actions. These are clarifications of intent that do not represent an intended change in the strategy or intended coverage. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Gilles Peskine	f31c6c111e	Typo Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-15 16:22:14 +02:00
Dave Rodgman	8e5020dead	Remove obsolete reference to _ret in migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-07-02 12:16:03 +01:00
Dave Rodgman	7b743193b0	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 20:10:10 +01:00
Dave Rodgman	9637bd30a3	Move subsections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 20:07:57 +01:00
Dave Rodgman	b0e6bb54f9	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 20:03:55 +01:00
Dave Rodgman	26c12eb523	Remove C from code block Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:58:00 +01:00
Dave Rodgman	10963278e7	Mark all code blocks as C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	a014831732	Add missing backticks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	7d2ac88f93	Correct hyperlink Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	2482650483	Correct hyperlink Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	2b03457ca5	Improve wording Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	b4d15b1556	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	8128b69ffe	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	715966862d	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	507827e75a	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	68547187f6	Move subsections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	897a95f46c	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	3f66943bdd	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	2d05e0f440	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	aa1fba2fed	Move subsection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	7018053460	Reorder subsections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	28701c63cb	Fix grammatical error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	ce53b3afd6	Remove reference to removed item Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:13:24 +01:00
Dave Rodgman	9d3417845c	Add backticks where needed Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 19:12:32 +01:00
Dave Rodgman	2e1e623d33	Correct hyperlink syntax Co-authored-by: Tomasz Rodziewicz <40165497+TRodziewicz@users.noreply.github.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 17:58:10 +01:00
Dave Rodgman	6753a775b8	Fix grammatical error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 17:15:28 +01:00
Dave Rodgman	26ad6c7ea7	Fix typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 17:14:01 +01:00
Dave Rodgman	8d91ceb19d	Remove empty 3.0-migration-guide.d This is now captured in 3.0-migration-guide.md Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 16:56:59 +01:00
Dave Rodgman	92170cc3e1	Add general cross-reference for low/high-level crypto Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:53:23 +01:00
Dave Rodgman	c936bbb15a	Make blank lines before sections consistent Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:53:23 +01:00
Dave Rodgman	b1c6b4a7a5	Add cross-reference Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:53:16 +01:00
Dave Rodgman	a3758208ae	Move sub-sections to more appropriate places Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:17:03 +01:00
Dave Rodgman	4ea5643046	Change some section names Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 14:16:22 +01:00
Dave Rodgman	d462ca1f72	Fix typos Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 11:26:08 +01:00
Dave Rodgman	a54c16805e	Improve wording relating to removal of MBEDTLS_ERR_SSL_BAD_HS_XXX Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 11:11:07 +01:00
Dave Rodgman	a5a3cce49b	Add link between sections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 11:06:58 +01:00
Gilles Peskine	a481052407	Add migration guide and changelog entry for MBEDTLS_PRIVATE We forgot those in #4511. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-30 11:06:40 +01:00
Dave Rodgman	e4ec84631b	Fix typos Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:52:40 +01:00
Dave Rodgman	b491b2b051	Add SSL error code updates from #4724 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:49:30 +01:00
Dave Rodgman	7078973b7b	Improve wording Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	4a5d3c08c6	Fix typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	30dc603958	Reorder sections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	d8a1017abf	add section headings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	36bb5ff6e3	minor updates Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	d267ec361d	Add formatting codes to level 3 headings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	a0e8db09ac	Change headings to level 3 to enable use of sections Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	949c21b336	Minor updates to migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	1cb2331495	Remove line that got into the wrong place Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	7b0c4dea59	Fix missing part of sentence Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	759c0109f2	Fix errors in migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	1aea40427f	Add a very short summary Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	e45e6401af	Re-order to put some more significant items at the top Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:34:02 +01:00
Dave Rodgman	8cccbe11df	Update the migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-30 09:33:59 +01:00
Dave Rodgman	dc1a3b2d70	Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 Cleanup SSL error code space	2021-06-30 09:02:55 +01:00
Ronald Cron	8682faeb09	Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 Add output size parameter to signature functions	2021-06-29 09:43:17 +02:00
Bence Szépkúti	9cd7065307	No other headers are included by mbedtls_config.h These have been moved to build_info.h. Update the documentation to reflect this. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 14:29:42 +01:00
Hanno Becker	2fc9a652bc	Address review feedback Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	2e3ecda684	Adust migration guide for SSL error codes Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Bence Szépkúti	dbf5d2b1a7	Improve the instructions in the migration guide Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 10:37:41 +01:00
Bence Szépkúti	1b2a8836c4	Correct documentation references to Mbed TLS Use the correct formatting of the product name in the documentation. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 10:37:19 +01:00
Bence Szépkúti	60c863411c	Remove references to MBEDTLS_USER_CONFIG_VERSION Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	36da4ccc51	Update changelog and migration guide This reflect changes to the config version symbols. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	8d9132f43c	Fix typo Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	90b79ab342	Add migration guide and changelog Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	dba968f59b	Realign Markdown table Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:47 +01:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Gilles Peskine	f00f152444	Add output size parameter to signature functions The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	fedd52ca19	Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation Require matching hashlen in RSA functions: implementation	2021-06-24 10:28:20 +02:00
Gilles Peskine	f06b92d724	Merge pull request #4567 from mstarzyk-mobica/gcm_ad Enable multiple calls to mbedtls_gcm_update_ad	2021-06-23 19:36:23 +02:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Gilles Peskine	9dbbc297a3	PK signature function: require exact hash length Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-22 18:39:41 +02:00
Dave Rodgman	5ec5003992	Document the return type change in the migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard	e7885e5441	RSA: Require hashlen to match md_alg when applicable Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard	3e7ddb2bb6	Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 Update the default hash and curve selection for X.509 and TLS	2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard	508d3a5824	Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext Remove truncated HMAC extension	2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard	a805d57261	Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA Remove MD2, MD4, RC4, Blowfish and XTEA	2021-06-22 09:27:41 +02:00
TRodziewicz	f41dc7cb35	Removal of RC4 certs and fixes to docs and tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-21 13:27:29 +02:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	d5c9cc7c90	Add migration guide for modified key export API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	9a32d45819	Merge pull request #4517 from hanno-arm/ticket_api_3_0 Implement 3.0-API for SSL session resumption	2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard	ae35830295	Merge pull request #4661 from mpg/make-blinding-mandatory Make blinding mandatory	2021-06-18 18:32:13 +02:00
Dave Rodgman	8c8166a7f1	Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test Move part of timing module out of the library	2021-06-18 16:35:58 +01:00
Thomas Daubney	ac84469dd1	Modifies Migration Guide entry Commit makes corrections to Migration Guide entry for this task. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-18 14:08:56 +01:00
Thomas Daubney	379227cc59	Modifies ChangeLog and Migration Guide Entries in ChangeLog and Migration guide files have been merged to cover both the removal of MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-18 10:46:12 +01:00
Gilles Peskine	39957503c5	Remove secp256k1 from the default X.509 and TLS profiles For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509, secp256k1 is not deprecated, but it isn't used in practice, especially in the context of TLS where there isn't much point in having an X.509 certificate which most peers do not support. So remove it from the default profile. We can add it back later if there is demand. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 23:17:52 +02:00
Gilles Peskine	ec78bc47b5	Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide Meld the migration guide for the removal of MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for the strengthening of TLS and X.509 defaults, which is more general. The information in the SHA-1 section was largely already present in the strengthening section. It is now less straightforward to figure out how to enable SHA-1 in certificates, but that's a good thing, since no one should still be doing this in 2021. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	6b1f64a150	Wording clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	b1940a76ad	In TLS, order curves by resource usage, not size TLS used to prefer larger curves, under the idea that a larger curve has a higher security strength and is therefore harder to attack. However, brute force attacks are not a practical concern, so this was not particularly meaningful. If a curve is considered secure enough to be allowed, then we might as well use it. So order curves by resource usage. The exact definition of what this means is purposefully left open. It may include criteria such as performance and memory usage. Risk of side channels could be a factor as well, although it didn't affect the current choice. The current list happens to exactly correspond to the numbers reported by one run of the benchmark program for "full handshake/s" on my machine. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00

1 2 3 4 5 ...

559 commits