mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00

Author	SHA1	Message	Date
Gilles Peskine	39c227207c	The fully static key store will miss the 3.6.1 release Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-08-14 11:40:55 +02:00
Gilles Peskine	fc1b6f54a3	Mention the option name for the dynamic key store Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-08-14 11:40:20 +02:00
Gilles Peskine	fd01bec6b6	Miscellaneous clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 15:37:46 +02:00
Gilles Peskine	f13fdf8a80	Expand on performance Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 15:37:39 +02:00
Gilles Peskine	1a0107bf1b	Discuss why we have so many variants Explain that the hybrid key store is the historical implementation and neither alternative is a drop-in replacement. Discuss how we could potentially reduce the number of variants after the next major release. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 15:36:13 +02:00
Gilles Peskine	dbd726bb45	Link to issue about freeing empty slices Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:21:42 +02:00
Gilles Peskine	ac6b61077a	Improve and fix explanation of next_free In particular, fix an off-by-one error right after I explain how the number is off by one from what you'd expect. State explicitly that the number can be negative. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:12:46 +02:00
Gilles Peskine	7d8ababd0c	Update macro name about the static key store Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:12:30 +02:00
Gilles Peskine	47f3fcd0f3	Typos and minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-07-31 00:12:21 +02:00
Gilles Peskine	c7d9b2b586	psa_open_key does not lock the key in memory Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-24 18:31:37 +02:00
Gilles Peskine	3343e78655	Document the key store design Include the proposed dynamic and fully-static key stores that are currently proposed in https://github.com/Mbed-TLS/mbedtls/pull/9240 and https://github.com/Mbed-TLS/mbedtls/pull/9302 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-24 16:59:45 +02:00
David Horstmann	ea09152be9	Update file paths for moved files Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-05-31 15:51:41 +01:00
David Horstmann	9638ca389b	Update references to mbedtls_dev Change these to point to the new mbedtls_framework module in the framework submodule. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-05-13 14:44:37 +01:00
Minos Galanakis	b70f0fd9a9	Merge branch 'development' into 'development-restricted' Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-19 22:24:40 +00:00
David Horstmann	3147034457	Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS Explain this option and the way it relates to the copying macros. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:59:03 +00:00
David Horstmann	0ea8071bda	Remove 'Question' line around testing This question has been resolved, as we know that we can test transparently. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:51:03 +00:00
David Horstmann	4d01066311	Mention metatest.c Add a note that validation of validation was implemented in metatest.c and explain briefly what that program is for. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:02:08 +00:00
David Horstmann	872ee6ece0	Mention MBEDTLS_TEST_MEMORY_CAN_POISON The configuration of memory poisoning is now performed via compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update the design to take account of this. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 15:00:08 +00:00
David Horstmann	12b35bf3c2	Discuss test wrappers and updating them Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 14:48:52 +00:00
David Horstmann	5ea99af0f2	Add discussion of copying conveience macros Namely LOCAL_INPUT_DECLARE() and friends Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 14:12:12 +00:00
David Horstmann	1c3b227065	Abstractify example in design exploration Since this is just an example, remove specific-sounding references to mbedtls_psa_core_poison_memory() and replace with more abstract and generic-sounding memory_poison_hook() and memory_unpoison_hook(). Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 13:37:59 +00:00
David Horstmann	3f2dcdd142	Rename mbedtls_psa_core_poison_memory() The actual functions were called mbedtls_test_memory_poison() and mbedtls_test_memory_unpoison(). Update the design section to reflect this. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 13:32:57 +00:00
David Horstmann	331b2cfb31	Clarify design decision in light of actions We were successful in adding transparent memory-poisoning testing, so simplify to the real design decision we made. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-18 13:17:25 +00:00
Dave Rodgman	5ce1577629	Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs Update psa-thread-safety.md to reflect version 3.6 changes	2024-03-18 12:06:39 +00:00
Ryan Everett	765b75f2f8	Update docs/architecture/psa-thread-safety/psa-thread-safety.md Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com> Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-18 10:20:43 +00:00
Ryan Everett	f266b51e3f	Respond to feedback on psa-thread-safety.md A few typo fixes, extrapolations and extra details. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-15 17:30:31 +00:00
Ryan Everett	c408ef463c	Update slot transition diagram Adds missing transition and italicises internal functions Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-15 17:29:46 +00:00
Ronald Cron	a9bdc8fbb8	Improve tls13-support.md Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 15:52:04 +01:00
Ronald Cron	b372b2e5bb	docs: Move TLS 1.3 early data doc to a dedicated file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	d76a2d8b98	tls13-support.md: Stop referring to the prototype Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	1b606d8835	tls13-support.md: Early data supported now Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
Ronald Cron	124ed8a775	tls13-support.md: Some fixes Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-15 10:41:52 +01:00
David Horstmann	24c269fd4a	Rewrite section on PSA copy functions The finally implemented functions were significantly different from the initial design idea, so update the document accordingly. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-14 18:03:35 +00:00
Ryan Everett	d4d6a7a20d	Rework and update psa-thread-safety.md I have restructured this file, and updated it to reflect changes in design/designs now being implemented. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-14 15:22:06 +00:00
Ryan Everett	c9515600fd	Fix state transition diagram This now represents the implemented model Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-14 13:22:05 +00:00
David Horstmann	93fa4e1b87	Merge branch 'development' into buffer-sharing-merge	2024-03-12 15:05:06 +00:00
Gilles Peskine	3f557ad59c	Wording improvement Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-07 11:22:16 +01:00
Gilles Peskine	30a303f1a8	ECDSA signature conversion: put bits first Metadata, then inputs, then outputs. https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-06 19:45:11 +01:00
Manuel Pégourié-Gonnard	f1562a7217	Merge pull request #8657 from gilles-peskine-arm/pk-psa-bridge-design PK-PSA bridge design document	2024-01-31 09:51:43 +00:00
Gilles Peskine	36dee75368	Update ECDSA signature conversion based on experimentation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-30 16:15:17 +01:00
Dave Rodgman	047c724c22	Merge remote-tracking branch 'restricted/development-restricted' into update-development-r Conflicts: programs/Makefile tests/scripts/check-generated-files.sh	2024-01-26 12:42:51 +00:00
Gilles Peskine	dd77343381	Open question for ECDSA signature that can be resolved during implementation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 14:33:32 +01:00
Gilles Peskine	d5b04a0c63	Add a usage parameter to mbedtls_pk_get_psa_attributes Let the user specify whether to use the key as a sign/verify key, an encrypt/decrypt key or a key agreement key. Also let the user indicate if they just want the public part when the input is a key pair. Based on a discussion in https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 14:31:57 +01:00
Gilles Peskine	702d9f65f6	Resolve several open questions as nothing special to do Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 12:58:25 +01:00
Gilles Peskine	42a025dc9c	Reference filed issues All PK-related actions are now covered. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 12:35:31 +01:00
Gilles Peskine	5a64c42693	Reference ongoing work Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 10:09:16 +01:00
Gilles Peskine	89ca6c7e72	typo Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 10:08:56 +01:00
Gilles Peskine	32294044e1	Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO It's useful in applications that want to use some PSA opaque keys regardless of whether all pk operations go through PSA. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-17 10:07:55 +01:00
Manuel Pégourié-Gonnard	0f45a1aec5	Fix typos / improve syntax Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-10 09:43:30 +01:00
Manuel Pégourié-Gonnard	60c9eee267	Improve wording & fix typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-01-09 10:09:17 +01:00

1 2 3 4 5 ...

405 Commits