lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-12 08:21:54 +03:00
Code Activity
22,161 Commits 172 Branches 268 Tags
351e6885f55fd6354b57b51a5dbaadf3231aa7c8
Commit Graph

560 Commits

Author SHA1 Message Date
Dave Rodgman
e4ec84631b Fix typos 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:52:40 +01:00
Dave Rodgman
b491b2b051 Add SSL error code updates from #4724 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:49:30 +01:00
Dave Rodgman
7078973b7b Improve wording 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
4a5d3c08c6 Fix typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
30dc603958 Reorder sections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
d8a1017abf add section headings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
36bb5ff6e3 minor updates 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
d267ec361d Add formatting codes to level 3 headings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
a0e8db09ac Change headings to level 3 to enable use of sections 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
949c21b336 Minor updates to migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
1cb2331495 Remove line that got into the wrong place 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
7b0c4dea59 Fix missing part of sentence 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
759c0109f2 Fix errors in migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
1aea40427f Add a very short summary 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
e45e6401af Re-order to put some more significant items at the top 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:34:02 +01:00
Dave Rodgman
8cccbe11df Update the migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 09:33:59 +01:00
Dave Rodgman
dc1a3b2d70 Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
Ronald Cron
8682faeb09 Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 
Add output size parameter to signature functions
 2021-06-29 09:43:17 +02:00
Bence Szépkúti
9cd7065307 No other headers are included by mbedtls_config.h 
These have been moved to build_info.h. Update the documentation to
reflect this.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 14:29:42 +01:00
Hanno Becker
2fc9a652bc Address review feedback 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
2e3ecda684 Adust migration guide for SSL error codes 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Bence Szépkúti
dbf5d2b1a7 Improve the instructions in the migration guide 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:41 +01:00
Bence Szépkúti
1b2a8836c4 Correct documentation references to Mbed TLS 
Use the correct formatting of the product name in the documentation.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:19 +01:00
Bence Szépkúti
60c863411c Remove references to MBEDTLS_USER_CONFIG_VERSION 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
36da4ccc51 Update changelog and migration guide 
This reflect changes to the config version symbols.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
8d9132f43c Fix typo 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
90b79ab342 Add migration guide and changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:48 +01:00
Bence Szépkúti
dba968f59b Realign Markdown table 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h 
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:28:33 +01:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions 
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19 Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation 
Require matching hashlen in RSA functions: implementation
 2021-06-24 10:28:20 +02:00
Gilles Peskine
f06b92d724 Merge pull request #4567 from mstarzyk-mobica/gcm_ad 
Enable multiple calls to mbedtls_gcm_update_ad
 2021-06-23 19:36:23 +02:00
Gilles Peskine
e9bc857327 Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 
Implement modified key export API for Mbed TLS 3.0
 2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3 PK signature function: require exact hash length 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 18:39:41 +02:00
Dave Rodgman
5ec5003992 Document the return type change in the migration guide 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard
e7885e5441 RSA: Require hashlen to match md_alg when applicable 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6 Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 
Update the default hash and curve selection for X.509 and TLS
 2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824 Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext 
Remove truncated HMAC extension
 2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261 Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 
Remove MD2, MD4, RC4, Blowfish and XTEA
 2021-06-22 09:27:41 +02:00
TRodziewicz
f41dc7cb35 Removal of RC4 certs and fixes to docs and tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-21 13:27:29 +02:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific 
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
d5c9cc7c90 Add migration guide for modified key export API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819 Merge pull request #4517 from hanno-arm/ticket_api_3_0 
Implement 3.0-API for SSL session resumption
 2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295 Merge pull request #4661 from mpg/make-blinding-mandatory 
Make blinding mandatory
 2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1 Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test 
Move part of timing module out of the library
 2021-06-18 16:35:58 +01:00
Thomas Daubney
ac84469dd1 Modifies Migration Guide entry 
Commit makes corrections to Migration Guide
entry for this task.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-18 14:08:56 +01:00
Thomas Daubney
379227cc59 Modifies ChangeLog and Migration Guide 
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-18 10:46:12 +01:00
Gilles Peskine
39957503c5 Remove secp256k1 from the default X.509 and TLS profiles 
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 23:17:52 +02:00
Gilles Peskine
ec78bc47b5 Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide 
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
6b1f64a150 Wording clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00