mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 18:40:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
16,105 Commits 171 Branches 263 Tags
Commit Graph

16105 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
88c88eddf4
Merge pull request #4647 from daverodgman/travis-disable-osx-development 
Disable OS X builds on Travis
 2021-06-10 17:48:16 +01:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options 
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
 2021-06-10 17:43:36 +02:00
Dave Rodgman
d0581e119b Disable OS X builds on Travis 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-10 15:47:18 +01:00
Manuel Pégourié-Gonnard
44eea8f067
Merge pull request #4477 from TRodziewicz/Remove__X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 
Remove MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 2021-06-10 09:13:14 +02:00
TRodziewicz
2a5e5a2759 Correction to the migration guide entry wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 16:54:20 +02:00
TRodziewicz
0ea2576502 Correction to the migr. guide wording and removal of not needed option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
b8367380b1 Addition of the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:28:16 +02:00
Gilles Peskine
364380e70c
Merge pull request #4618 from ronald-cron-arm/rsa-padding 
Remove mbedtls_rsa_init() padding parameters
 2021-06-09 12:38:54 +02:00
Ronald Cron
f8abfa8b1b Improve migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-09 10:54:14 +02:00
Gilles Peskine
cc0f250ea2
Merge pull request #4600 from gilles-peskine-arm/backward-compatibility-explanation-3.0 
Document what we mean by backward compatibility
 2021-06-09 10:40:30 +02:00
Gilles Peskine
73876cf9cb Clarify "between major version changes" 
This was diversely interpreted as "compatibility in the period between
two major version changes" (as intended) or "compatibility between two
versions whose major version is different" (unintended).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-08 15:33:53 +02:00
Ronald Cron
3a0375fff4 Fail if a padding disabled by the build-time configuration is selected 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:57 +02:00
Ronald Cron
266b6d2121 tests: Assert success of calls to mbedtls_rsa_set_padding() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
d2cfa3e980 Improve mbedtls_rsa_init/set_padding() descriptions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
c1905a1c3d Change mbedtls_rsa_init() signature 
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature 
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:10 +02:00
Gilles Peskine
41377d6680
Merge pull request #4560 from gilles-peskine-arm/issue-templates 
Separate issue templates
 2021-06-08 12:01:26 +02:00
Gilles Peskine
6dd92c3f6b Wrap lines in the source to <80 columns 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-08 11:40:04 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version 
Document minimum tool versions for 3.0
 2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option 
Remove MBEDTLS_CHECK_PARAMS option
 2021-06-08 09:30:48 +02:00
Manuel Pégourié-Gonnard
68237d718a
Merge pull request #4548 from hanno-arm/tls13_key_schedule_upstream 
TLS 1.3 Key schedule: Second level secret generation
 2021-06-08 09:10:58 +02:00
Hanno Becker
61f292ea0a Fix migration guide for now-removed deprecated functions 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 07:50:55 +01:00
Hanno Becker
59d3670fa5 Fix ssl-opt.sh test cases grepping for MFL configuration output 
Use and grep for the new max in/out record payload length API instead.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 05:35:29 +01:00
Hanno Becker
df3b86343a Fixup rebase slip in library/ssl_misc.h 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 05:30:45 +01:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev 
Fix misuse of MD API in SSL constant-flow HMAC
 2021-06-07 20:53:33 +02:00
Gilles Peskine
87d36e311b Add a section heading for LTS branches 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-07 20:43:35 +02:00
Gilles Peskine
d1a8cd5169 Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-07 20:42:40 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
34428a6849 Remove duplicated ASSERT_ALLOC define 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 15:33:15 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Ronald Cron
d285b11f21
Merge pull request #4616 from mpg/hide-ssl-deprecated-constant 
Hide ssl deprecated constants
 2021-06-07 13:24:52 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Dave Rodgman
be4af04fcf Update minimum CMake version in CMakeLists.txt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Dave Rodgman
f21e4621f8 Changelog entry for updated tool versions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Dave Rodgman
2f458d3dcc Update README to document minimum tool versions 
Fixes #4379.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Manuel Pégourié-Gonnard
9371a40476 Stop referencing private constants in documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-04 12:29:42 +02:00
Manuel Pégourié-Gonnard
cac90a15ed Hide constants for TLS 1.0 and TLS 1.1 
ssl_server2 had a check that we never try to use a minor version lower
than 2 with DTLS, but that check is no longer needed, as there's no way
that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer
public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-04 12:29:33 +02:00
Hanno Becker
d60b6c62d5 Remove per-version ciphersuite configuration API 
This commit removes the API

```
    mbedtls_ssl_conf_ciphersuites_for_version()
```

which allows to configure lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.

With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.

This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and

```
   mbedtls_ssl_conf_ciphersuites()
```

can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-04 12:20:10 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0 
Fix non-uniform random generation in a range
 2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option 
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
 2021-06-04 10:02:59 +02:00
Gilles Peskine
afb2bd2f22 Note that the byte order in mpi_fill_random_internal() is deliberate 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
405b091d9e Use MBEDTLS_MPI_CHK where warranted 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
ed32b576a4 New internal function mbedtls_mpi_resize_clear 
The idiom "resize an mpi to a given size" appeared 4 times. Unify it
in a single function. Guarantee that the value is set to 0, which is
required by some of the callers and not a significant expense where
not required.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
ceefe5d269 Lift function call out of inner loop 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
9077e435c6 Fix mistakes in test case descriptions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
87823d7913 Use ternary operator with the most common case first 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00