Ronald Cron
6e31127f08
tls13: srv: Define specific return macros for binder check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
139a4185b1
Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration
...
TLS: check RNG when calling mbedtls_ssl_setup()
2024-03-08 07:38:39 +00:00
Ronald Cron
93795f2639
tls13: Improve comment about cast to uint32_t
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 09:57:07 +01:00
Dave Rodgman
5ba2b2b8cc
Ensure blocksize is compile-time const when DES not present
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-06 11:38:49 +00:00
Dave Rodgman
7f86d356b1
Improve PBKDF2 with CMAC perf by ~16%
...
10x perf in cmac_multiply_by_u; 2% uplift in AES-CMAC benchmarks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-06 11:17:16 +00:00
Moritz Fischer
967f8cde84
library: psa_crypto: Explicitly initialize shared_secret
...
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:
'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]
Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").
Signed-off-by: Moritz Fischer <moritzf@google.com>
2024-03-05 22:32:32 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151
...
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accessor
2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016
...
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
2024-03-05 16:58:13 +00:00
Ryan
0b14d1407d
Document deprecated transaction system as non thread safe
...
Not all of the writes to this field are protected by a mutex.
There is also no protection in place to stop another thread from overwriting
the current transaction
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-05 14:06:02 +00:00
Ronald Cron
2e7dfd5181
tls13: Remove unnecessary cast from size_t to uint32_t
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-05 13:48:11 +01:00
Gilles Peskine
d06244b813
Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag
...
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core
...
Merge psa_core_key_attributes_t back into psa_key_attributes_t
2024-03-05 09:59:24 +00:00
Dave Rodgman
a38fad9dad
Adjust defaults
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-04 18:27:32 +00:00
Gilles Peskine
48230e84cb
In library, with make, only require the framework for generated files
...
This way, `make lib` will work in the absence of the framework, as long as
generated files are present.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
Gilles Peskine
f9bbe0de4c
Show guidance if the framework is not found
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
Gilles Peskine
1c13aa78c2
Framework submodule: fix the libtestdriver1 build
...
`make -C tests libtestdriver1` copies `library/Makefile` to
`tests/libtestdriver1/library/Makefile`, where `../framework` does not point
to the framework submodule.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
Gilles Peskine
fad79fcdd9
Merge remote-tracking branch 'development' into ecp-write-ext-3.6
...
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
and was removed in the target branch.
2024-03-04 08:52:08 +01:00
Minos Galanakis
2abbac74dc
x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848
...
Deprecate or remove mbedtls_pk_wrap_as_opaque
2024-03-01 15:54:32 +00:00
Dave Rodgman
8a4df2293a
Adjust default unroll settings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-01 15:12:59 +00:00
Ronald Cron
5dbfcceb81
tls13: cli: Fix error code not checked
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:15:30 +01:00
Ronald Cron
de9b03dcba
tls13: Rename early_data_count to total_early_data_size
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:14:17 +01:00
Ronald Cron
62f971aa60
tls13: cli: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:10:22 +01:00
Ronald Cron
a4f0a71a01
ssl: Add early_data_count field
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:10:22 +01:00
David Horstmann
71fa1a94e7
Fix code style
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:32:18 +00:00
David Horstmann
76ba26a542
Fixup: add peer_cert_digest_type to comment
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:03:35 +00:00
David Horstmann
f686f1dc17
Fix naming inconsistencies in config bits
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 11:20:32 +00:00
Ronald Cron
19bfe0a631
tls13: Rename early_data_count to total_early_data_size
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6
tls13: generic: Fix log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
01d273d31f
Enforce maximum size of early data in case of HRR
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
919e596c05
Enforce maximum size of early data when rejected
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382
tls13: srv: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:09 +01:00
Ronald Cron
c286519747
tls13: srv: Do not forget to include max_early_data_size in the ticket
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:03:51 +01:00
Ronald Cron
26a9811027
ssl: Add early_data_count field
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:03:51 +01:00
David Horstmann
531aca2810
Fix missing fields in ssl session struct comment
...
The endpoint and version were factorized out into the main session.
Update the session struct comment to reflect these new fields, as was
previously missed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 18:14:28 +00:00
David Horstmann
cb01b361e1
Move session descriptions into a single comment
...
Describe the TLS 1.2, TLS 1.3 and full session structs in the same
place for ease of reference.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 18:10:13 +00:00
David Horstmann
80a9668762
Add config guards to session struct comments
...
This shows which fields of the session are dependent on which config
options.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 18:00:32 +00:00
David Horstmann
e59f970f28
Move session functions to same part of file
...
Ensure that session save and load functions are not scattered
throughout ssl_tls.c but are in the same part of the file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 17:50:44 +00:00
David Horstmann
92b258bb50
Update ssl session serialization config bitflag
...
Add config bits for server name indication, early data and record size
limit, which all cause the serialized session to be structured
differently.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 17:41:31 +00:00
David Horstmann
5c5a32f52a
Add session config bit for KEEP_PEER_CERTIFICATE
...
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 17:41:31 +00:00
Gilles Peskine
469f7811fa
Require framework directory to exist when building
...
The framework directory will be provided by a submodule.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-29 18:19:56 +01:00
Valerio Setti
1a58e9a232
psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT
...
This commit also:
- updates changelog
- add a stub function to be used in component_test_psa_crypto_client()
test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-29 16:14:29 +01:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
...
TLS 1.3: Add mbedtls_ssl_write_early_data() API
2024-02-29 14:31:55 +00:00
Minos Galanakis
d753738fc0
ecdh: Added mbedtls_ecdh_get_grp_id getter.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-02-29 13:31:34 +00:00
Gilles Peskine
84a7bfbd33
mbedtls_ecp_write_key_ext(): Upgrade import_pair_into_psa as well
...
It wasn't done with the others because that code was added in a concurrent
branch.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 14:21:32 +01:00
Gilles Peskine
b395e74edd
mbedtls_ecp_write_key_ext(): make key const
...
Having a non-const `key` parameter was another defect of
mbedtls_ecp_write_key(). Take this opportunity to fix it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 14:18:28 +01:00
Gilles Peskine
c0f7a8680f
mbedtls_ecp_write_key(): deprecate the old function
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Gilles Peskine
84b9f1b039
mbedtls_ecp_write_key_ext(): migrate internally
...
Stop using mbedtls_ecp_write_key() except to test it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Gilles Peskine
e3fb4ccabf
mbedtls_ecp_write_key_ext(): new function
...
Same as mbedtls_ecp_write_key(), but doesn't require the caller to figure out
the length of the output and possibly distinguish between Weierstrass and
Montgomery curves.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Manuel Pégourié-Gonnard
7f523bf9eb
Merge pull request #8845 from gilles-peskine-arm/ecp-write-doc-3.6
...
Document ECP write functions
2024-02-28 11:04:38 +00:00