lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-15 06:41:43 +03:00
Code Activity
22,161 Commits 172 Branches 268 Tags
351e6885f55fd6354b57b51a5dbaadf3231aa7c8
Commit Graph

560 Commits

Author SHA1 Message Date
Gilles Peskine
b1940a76ad In TLS, order curves by resource usage, not size 
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:29 +02:00
Gilles Peskine
3758fd6b79 Changelog entry and migration guide for hash and curve profile upgrades 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 21:46:14 +02:00
Thomas Daubney
50afb4378f Adds Migration guide 
Commit adds a migraiton guide entry that was
missing.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-17 09:23:41 +01:00
Manuel Pégourié-Gonnard
8707259318 Improve ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
e6e51aab55 Add ChangeLog and migration guide entries 
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:38:38 +02:00
Mateusz Starzyk
bd513bb53d Enable multiple calls to mbedtls_gcm_update_ad. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-16 14:34:09 +02:00
TRodziewicz
15a7b73708 Documentation rewording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53 Addition of ChangeLog and migration guide entry files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03 Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd 
Rename the _ret() functions
 2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1 Addition of the migration guide and change log files 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard
8cad2e22fc Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0 
Lighten and test constraints on context types in alternative implementations
 2021-06-15 12:12:46 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 00:18:32 +02:00
Gilles Peskine
cadd3d860e Give examples of PLATFORM_XXX_ALT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine
bf26bef157 Discuss the durability of PSA drivers vs ALT when introducing them 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine
a71db94c66 Document that contexts must be movable 
Fix #4451.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine
f35c42bdb9 Document the remaining constraints on ALT context types 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine
6a2fb61896 Rename library/ecp_alt.h to ecp_internal_alt.h 
library/ecp_alt.h (declaring individual functions of the ECP module that can
be substituted, included when building the library with
MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided,
declaring types of the ECP module when the whole implementation is
substituted, included when building the library with MBEDTLS_ECP_ALT enabled).
Depending on the search path during build, this can make MBEDTLS_ECP_ALT
unusable.

Rename library/ecp_alt.h to follow the naming convention of other alt headers:
MBEDTLS_XXX_ALT corresponds to xxx_alt.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:10:37 +02:00
Gilles Peskine
b9ccb25f33 Starter-class documentation of alternative implementations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:10:37 +02:00
TRodziewicz
3946f79cab Correction according to code review (function and param. names change 
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 13:46:21 +02:00
TRodziewicz
8b223b6509 Addition of the migration guide entry file. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:56:33 +02:00
TRodziewicz
1fcd72e93c change log and migr. guide fixes and _DEPRECATED_REMOVED removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:16:06 +02:00
Gilles Peskine
02b76b7d18 Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options 
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
 2021-06-10 17:43:36 +02:00
TRodziewicz
2a5e5a2759 Correction to the migration guide entry wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 16:54:20 +02:00
TRodziewicz
0ea2576502 Correction to the migr. guide wording and removal of not needed option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
b8367380b1 Addition of the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
1e66642d68 Addition of change log and migration guide files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 11:25:28 +02:00
Ronald Cron
f8abfa8b1b Improve migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-09 10:54:14 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
16fdab79a5 Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Hanno Becker
61f292ea0a Fix migration guide for now-removed deprecated functions 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 07:50:55 +01:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Manuel Pégourié-Gonnard
84191eab06 Merge pull request #4315 from Kxuan/feat-pre-compute-tls 
Static initialize comb table
 2021-06-03 11:41:54 +02:00
kXuan
782c2b9f36 fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-03 15:47:40 +08:00
Manuel Pégourié-Gonnard
1b1327cc0d Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs 
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
 2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard
df77624ab5 Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options 
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
 2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard
1b3b27cbb0 Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites 
Remove 3DES ciphersuites
 2021-06-02 11:01:42 +02:00
Ronald Cron
3dafa9bda8 Merge pull request #4555 from ronald-cron-arm/m-ccm-api 
Define CCM multi-part API
 2021-06-02 09:56:43 +02:00
Gilles Peskine
fe3069b7f1 Merge pull request #4585 from mpg/cipher-aead-delayed 
Clarify multi-part AEAD calling sequence in Cipher module
 2021-06-01 12:04:19 +02:00
Manuel Pégourié-Gonnard
c01b87b820 Fix some typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-01 09:40:53 +02:00
Ronald Cron
f668bd18df Add migration guide for developers of CCM alternative implementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-01 09:07:46 +02:00
kXuan
22fc906d57 Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-01 14:01:59 +08:00
TRodziewicz
231649a020 Changing the migration guide entry wording. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 13:12:16 +02:00
TRodziewicz
4e57f4cdfd Adding removed defines to check_config.h and fixing the migration guide entry. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:58:25 +02:00
Manuel Pégourié-Gonnard
6d84e917bb Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard
ee57ebe553 Add ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-31 12:25:01 +02:00
TRodziewicz
3670e387dc Remove 3DES ciphersuites 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:11:53 +02:00