lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity
22,562 Commits 174 Branches 272 Tags
mbedtls-3.3.0
Commit Graph

5542 Commits

Author SHA1 Message Date
Dave Rodgman
48223bc19e Bump version to 3.3.0. No changes to .so versions. 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 14:43:19 +00:00
Ronald Cron
fbba0e9d75 Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface 
TLS 1.3: Refactor early data configuration interface.
 2022-12-07 09:42:12 +01:00
Dave Rodgman
92011eef34 Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212 
Fix typos prior to release
 2022-12-06 15:00:34 +00:00
Jerry Yu
12c46bd14f fix various issues 
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 11:02:51 +08:00
Dave Rodgman
dbcbf44d65 Update include/mbedtls/mbedtls_config.h 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-05 11:15:10 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Dave Rodgman
235d1d8519 Improve wording 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:45:02 +00:00
Dave Rodgman
6ebaf7a1f8 Whitespace fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:33:58 +00:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:32:23 +00:00
Jerry Yu
cc4e007ff6 Add max_early_data_size to mbedtls_ssl_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Jerry Yu
16f6853b05 Add max_early_data_size config option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Manuel Pégourié-Gonnard
ffc330fafa Merge pull request #6264 from hannestschofenig/rfc9146_2 
CID update to RFC 9146
 2022-11-29 09:25:14 +01:00
Dave Rodgman
bf9b23abf8 Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:26:44 +01:00
Hannes Tschofenig
6b6b63f039 Added closing SECTION of doxygen markup 
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:19:05 +01:00
Hannes Tschofenig
b2e6615625 Added deprecated warning in check_config.h 
Warns about the removal of the legacy DTLS Connection ID feature in a future version of Mbed TLS.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:18:57 +01:00
Hannes Tschofenig
e2c46e0413 Reference to RFC 9146 added 
Added deprecated keyword to MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:18:51 +01:00
Hannes Tschofenig
88e5566a9b Changed order of conditions in check_config.h 
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:18:38 +01:00
Manuel Pégourié-Gonnard
91f88db019 Merge pull request #6639 from mpg/doc-driver-only-limitation 
Document another limitation of driver-only hashes
 2022-11-25 09:44:35 +01:00
Bence Szépkúti
ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Manuel Pégourié-Gonnard
fecc6b2fe4 Minor tune-up to ChangeLog & documentation 
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-24 09:40:12 +01:00
Gilles Peskine
6157fee306 Unify defintions of inline for MSVC (and old armcc?) 
Having multiple definitions was cumbersome, and meant we might forget the
definition when adding an inline definition to a file that didn't have one
before (as I did when I added an inline definition in common.h).

Resolves #6649.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 16:15:21 +01:00
Ronald Cron
4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-23 14:29:37 +01:00
Manuel Pégourié-Gonnard
ef25a99f20 Merge pull request #6533 from valeriosetti/issue5847 
Use PSA EC-JPAKE in TLS (1.2) - Part 2
 2022-11-23 13:27:30 +01:00
Ronald Cron
cb0e680779 Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over 
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
 2022-11-23 12:12:02 +01:00
Ronald Cron
d8603a7b44 Merge pull request #6638 from ronald-cron-arm/tls13-misc 
TLS 1.3: Adjustments for the coming release
 2022-11-23 09:07:36 +01:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Gilles Peskine
4f19d86e3f Merge pull request #6608 from mprse/ecjpake_password_fix 
Make a copy of the password key in operation object while setting j-pake password
 2022-11-22 14:52:12 +01:00
Ronald Cron
da13072c5b tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental 
We are considering using a callback instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 13:21:13 +01:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-22 11:59:55 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default 
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 09:01:46 +01:00
Gilles Peskine
339406daf9 Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3 
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu
5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states 
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu
0b61217c36 set new_session_ticket_* to handshake_over 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Valerio Setti
aca21b717c tls: psa_pake: enforce not empty passwords 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 18:20:50 +01:00
Przemek Stekiel
152ae07682 Change password ec j-pake operation fields to more suitable 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-17 13:24:36 +01:00
Ronald Cron
d12922a69a Merge pull request #6486 from xkqian/tls13_add_early_data_indication 
The merge job of the internal CI ran successfully. This is good to go.
 2022-11-17 12:48:50 +01:00
Xiaokang Qian
51c5a8b561 Update ticket flag macros 
Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION
to the key exchange mode EXCHANGE_MODE_PSK and
EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check.
Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define
ALLOW_EARLY_DATA to 8( 1u<<3 ).

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-16 08:32:51 +00:00
Gilles Peskine
6110a16555 Document mbedtls_mpi_uint and mbedtls_mpi_sint 
Since they're part of the public API (even if only through a few functions),
they should be documented.

I deliberately skipped documenting how to configure the size of the type.
Right now, MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 have no Doxygen
documentation, so it's ambiguous whether they're part of the public API.
Resolving this ambiguity is out of scope of my current work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 22:56:17 +01:00
Przemek Stekiel
348410f709 Make a copy of the key in operation while setting pake password 
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-15 22:22:07 +01:00
Gilles Peskine
128895775d Document invariants of MPI objects 
Note that s must be +1 for zero.

Note that p may be NULL for zero, when n is 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 20:33:21 +01:00
Xiaokang Qian
2cd5ce0c6b Fix various issues cause rebase to latest code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 10:33:53 +00:00
Xiaokang Qian
72b9b17e11 Add comments to fix mini format issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 02:51:27 +00:00
Dave Rodgman
d384b64dd2 Merge branch 'development' into rfc9146_2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-14 17:43:15 +00:00
Xiaokang Qian
402bb1ee90 Update documents and check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian
de95604f6c Update ticket_flags related macros 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian
fe3483f9a1 Update early data doument and config dependencies 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian
ae07cd995a Change ticket_flag base on review 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00