mbedtls

Author	SHA1	Message	Date
Paul Elliott	20362cd1ca	Bump library and so versions for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	2238eed2d9	Update Changelog for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:55:59 +01:00
Paul Elliott	2089fd0ea9	Rename Changelog entries that don't have .txt extension Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:52:54 +01:00
Paul Elliott	237c87ba0e	Add missing Changelog entries Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:52:28 +01:00
Paul Elliott	f518f81d41	Ensure return for mbedtls_ssl_write_alpn_ext() is checked Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 12:37:47 +01:00
Paul Elliott	9a8d78419f	Fixup test tls13_server_certificate_msg_invalid_vector_len The parameters for init_handshake_options had changed on the development branch after this test was created, so fixing up this test in order to correct build failures after merge. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 11:34:14 +01:00
Paul Elliott	20ccd6e8bb	Merge remote-tracking branch 'origin/development' into mbedtls-3.2.0rc2-pr Merge missing commits from development into release	2022-07-11 11:29:32 +01:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	a343d34f0d	Merge pull request #6077 from paul-elliott-arm/fix_generate_debug_helpers_pylint Fix formatting of generate_ssl_debug_helpers.py	2022-07-08 22:28:41 +01:00
Paul Elliott	4a49651860	Fix formatting of generate_ssl_debug_helpers.py Satisfy pylint formatting errors Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-08 20:45:39 +01:00
Dave Rodgman	391e33ac93	Merge pull request #6076 from paul-elliott-arm/fix_generate_debug_helpers Fix generation of ssl_debug_helpers	2022-07-08 17:55:51 +01:00
Paul Elliott	fe9d43c21d	Fix generation of ssl_debug_helpers File was being generated with tabs rather than spaces which breaks release builds Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-08 17:27:25 +01:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Andrzej Kurek	1ce9ca0630	Changelog rewording Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 06:50:30 -04:00
Andrzej Kurek	21b50808cd	Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing Use a more straightforward condition to note that session resumption is happening. Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 03:26:55 -04:00
Paul Elliott	826762e315	Merge pull request #5765 from leorosen/fix-some-resource-leaks Fix resource leaks	2022-07-05 23:12:02 +01:00
Andrzej Kurek	3a29e9cf57	Improve changelog wording Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-05 10:49:10 -04:00
Dave Rodgman	c6a4a1cc13	Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01 Fix uninitialised memory access in test	2022-07-05 13:59:34 +01:00
Andrzej Kurek	ddb8cd601d	test_suite_ssl: Fix handshake options cleanup Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 16:07:28 -04:00
Manuel Pégourié-Gonnard	0358597589	Merge pull request #5757 from mpg/update-doc-use-psa Update "use PSA" documentation (inc. strategy)	2022-07-04 17:59:00 +02:00
Andrzej Kurek	9dc4402afa	test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:40:15 -04:00
Andrzej Kurek	1e085686ec	test_suite_ssl: remove unnecessary user data checks Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:40:09 -04:00
Andrzej Kurek	3d0d501517	test_suite_ssl: prefer ASSERT_ALLOC over malloc Fix formatting for option initialization Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:39:34 -04:00
Andrzej Kurek	2e1a232261	Fix changelog wording Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	92d7417d89	Formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	e11acb2c9b	test_suite_ssl: add proper cache cleanup Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	e8ad0d7d42	Disable bad session id length test in TLS 1.3 Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	456a109edb	test_suite_ssl: add required dependencies for default handshake parameters Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	6e518ab086	test_suite_ssl: add missing options cleanup Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	ed58b50ea6	test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	626a931bb9	test_suite_ssl: Add missing arguments in endpoint initialization Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	9abad0c5ef	Improve the changelog message to contain more details Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:18:29 -04:00
Andrzej Kurek	514683abdc	Add a test with a bad session_id_len that makes cache setting fail Force a bad session_id_len before handshake wrapup. This should result in a forced jump to a clean up of a serialized session. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:18:29 -04:00
Andrzej Kurek	780dc18f74	Refactor test_suite_ssl tests to enable cache setting Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:18:28 -04:00
Paul Elliott	b7aba1a584	Improve Changelog Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-04 06:49:26 -04:00
Paul Elliott	072d2b094d	Add pem_free() to other error paths in pk_parse_public_key() Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-04 06:49:26 -04:00
Leonid Rozenboim	56e01f37a8	Created customary ChangeLog.d entry. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-07-04 06:49:26 -04:00
Leonid Rozenboim	116f50cd96	Fix resource leaks These potential leaks were flagged by the Coverity static analyzer. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard	b5b27c1114	Misc clean-ups in docs/use-psa-crypto.md Note: limitations of opaque PSKs changed from "TLS 1.2 only" to "none" since TLS 1.3 does not support PSK at all so far, and it is expected to support opaque PSKs as soon as it gains PSK support, it will be just a matter of selecting between psa_key_derivation_input_bytes() and psa_key_derivation_input_key() - and testing obviously. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	465341f438	Add ChangeLog entries for general Use PSA improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	2dc436d6e7	Tune description of PSA crypto implementation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	0dba51cfad	Fix list of what's common to TLS 1.2 and 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	9bf9b9e269	Link to restartable ECC EPIC Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	cbc03f5377	Update README about USE_PSA_CRYPTO Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	f3f79a00fc	Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER Also make a few general clarifications/improvements while at it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard	3e83098e01	Clarify the TLS 1.3 situation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard	103b9929d1	Remove HKDF-Extract/Expand Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	b2bd34ecdc	Update docs/use-psa-crypto.md The scope of the option has been expanded, now it makes more sense to describe it as "everything except ...". Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	ff43ff6e78	Remove stability waiver from USE_PSA It was initially motivated by the fact that the PSA Crypto APIs themselves were not stable. In the meantime, PSA Crypto has reached 1.0.0 so this no longer applies. If we want user to be able to fully benefit from PSA in order to isolate long-term secrets, they need to be able to use the new APIs with confidence. There is no reason to think those APIs are any more likely to change than any of our other APIs, and if they do, we'll follow the normal process (deprecated in favour of a new variant). For reference, the APIs in question are: mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS mbedtls_ssl_conf_psk_opaque() // for PSA-held PSKs in TLS mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS mbedtls_cipher_setup_psa() (deprecated in 3.2) mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	97ec0b7bfa	Clarify effect of USE_PSA on TLS 1.3 The previous wording was wrong, there are parts that are affected. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00

1 2 3 4 5 ...

20535 commits