mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-29 09:21:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,840 Commits 170 Branches 263 Tags 184 MiB
c4c8bdf32e
Commit Graph

6896 Commits

Author SHA1 Message Date
Ronald Cron
c4c8bdf32e Fix PBKDF2_AES_CMAC_PRF_128 dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-05-17 14:34:06 +02:00
Ronald Cron
97f0ea7611 Fix the resolution of dependencies on HMAC 
The Mbed TLS implementations of ALG_TLS12_PRF,
ALG_TLS12_PSK_TO_MS, ALG_HKDF, ALG_HKDF_EXTRACT,
ALG_HKDF_EXPAND and ALG_PBKDF2 rely on HMAC
operations through the driver interface. Thus
if one of these algorithms is enabled and not
accelerated, we need ALG_HMAC to be enabled
(PSA_WANT_ALG_HMAC and PSA_WANT_KEY_TYPE_HMAC
defined). As HMAC operations occur through
the driver interface, HMAC operations can be
accelerated even if the caller algorithm
is not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-05-17 14:33:44 +02:00
Ronald Cron
a33a824d8a Resolve PBKDF2_AES_CMAC_PRF_128 dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-05-16 08:12:03 +02:00
Ronald Cron
b0c96f47e7 Resolve some HMAC dependencies automatically 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-05-16 08:12:03 +02:00
Valerio Setti
89f5af84af adjust_legacy_crypto: enable ASN1_[PARSE|WRITE]_C when RSA_C 
RSA needs ASN1 functions to parse/write private and public keys,
but there is no guards in the code for that. So we need to enable
ASN1 support whenever RSA is enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-18 18:47:34 +02:00
Manuel Pégourié-Gonnard
a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00
Ronald Cron
fe15d90f72 tls13: Fix doc of mbedtls_ssl_session_set() - 2 
Fix documentation of mbedtls_ssl_session_set()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:52:34 +02:00
Bence Szépkúti
a376f84eb1
Merge pull request #8937 from valeriosetti/issue8712 
Clarify the documentation of mbedtls_pk_setup_opaque
 2024-04-04 13:40:57 +00:00
Ronald Cron
d85eeae740 tls13: Fix doc of mbedtls_ssl_session_set() - 1 
It was eventually decided to not support multiple
tickets in TLS 1.3 ClientHello messages thus
removing the parts in mbedtls_ssl_session_set()
documentation that were anticipating that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:39:20 +02:00
Ronald Cron
66a206c26c tls13: Fix doc of mbedtls_ssl_session_get() - 2 
Fix documentation of mbedtls_ssl_session_get()
regarding its interaction with session
ticket enablement.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:34:22 +02:00
Ronald Cron
81bb589090 tls13: Fix doc of mbedtls_ssl_session_get() - 1 
The API has eventually not been changed to
return multiple tickets through multiple
subsequent call to it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:30:55 +02:00
Ronald Cron
9314df617b tls: Fix doc of mbedtls_ssl_session_save() 
Fix documentation of mbedtls_ssl_session_save()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 session case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 14:07:50 +02:00
Valerio Setti
1c7f5dea8b pk: fix documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:39:12 +02:00
Minos Galanakis
078f823843 Merge pull request #8990 from tom-cosgrove-arm:record-size-limit-support-is-now-released 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-26 12:32:00 +00:00
Tom Cosgrove
f02c6ef86d Fix typo in psa_key_production_parameters_t doc: 65535 should be 65537 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-03-26 12:25:07 +00:00
Tom Cosgrove
1b3b1743f5 Record size limit support is released, so remove warning about only for testing 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-03-26 12:23:49 +00:00
Valerio Setti
f9f63edbe4 pk: fix typos in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-25 09:38:05 +01:00
Valerio Setti
ac81e23c33 pk: add check_pair info to mbedtls_pk_setup_opaque() documentation 
This also updates use-psa-crypto.md accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:41 +01:00
Minos Galanakis
4492dbd286 Version Bump for 3.6.0 
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Valerio Setti
42a3954cd3 pk: fix description of mbedtls_pk_setup_opaque for sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
fc6b22c95c pk: fix indentation in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
80cd479fe0 pk: fix description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
18702d980f pk: update documentation of mbedtls_pk_setup_opaque() based on #8951 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
55ed91e0aa pk: fix documentation for mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
622f90597e pk: improve documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
f5a6e22032 pk: fix documentation for mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Manuel Pégourié-Gonnard
af14b89824
Merge pull request #8932 from ronald-cron-arm/enable-tls13-by-default 
Enable TLS 1.3 by default
 2024-03-19 09:51:49 +00:00
Ronald Cron
27eb68d295 Enable TLS 1.3 by default 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Dave Rodgman
5ce1577629
Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs 
Update psa-thread-safety.md to reflect version 3.6 changes
 2024-03-18 12:06:39 +00:00
Paul Elliott
78064ac9e0
Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe 
Make PSA global_data thread safe
 2024-03-15 19:50:01 +00:00
Manuel Pégourié-Gonnard
c9db499299
Merge pull request #8930 from ronald-cron-arm/tls13-doc-update 
TLS 1.3: Documentation update for 3.6 release
 2024-03-15 16:41:52 +00:00
Ronald Cron
3996ebc037 Fix documentation about anti-replay defenses 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:49:11 +01:00
Ronald Cron
933aec86fd Remove experimental warnings related to early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 14:52:10 +01:00
Bence Szépkúti
567591eec7
Merge pull request #8923 from bensze01/drop-old-compilers 
Drop Support for MSVC 2013, 2015 and Arm Compiler 5
 2024-03-15 12:56:21 +00:00
Bence Szépkúti
e05b54229f Drop reference to Visual Studio 2013 from config 
All supported versions of Visual Studio support AESNI, so drop the
version number.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-03-15 12:19:39 +01:00
Ronald Cron
6bee910dbd
Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session 
Add ALPN information in session tickets
 2024-03-15 09:50:24 +00:00
Ronald Cron
1987a7c068 Document that we do not implement the anti-replay defenses 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:46:04 +01:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Ryan Everett
f6f973c235 Document security weakness in concurrent execution of psa_destroy_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:54:07 +00:00
David Horstmann
4a48becdba Invert and rename config option 
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:47:48 +00:00
Manuel Pégourié-Gonnard
93071cfeec
Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
Waleed Elmelegy
5bc5263b2c Add code improvments and refactoring in dealing with ALPN 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
883f77cb08 Add mbedtls_ssl_session_set_alpn() function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
2824a209bc Add ALPN information in session tickets 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Ronald Cron
40043d03a5
Merge pull request #8884 from ronald-cron-arm/improve-early-data-status 
TLS 1.3: CLI: Split early data user status and internal state
 2024-03-13 11:59:49 +00:00
Dave Rodgman
60c2f47f98
Merge pull request #8888 from minosgalanakis/features/add_ssl_session_accessor_8529 
[MBEDTLS_PRIVATE] Add accessor for session and ciphersuite_id
 2024-03-13 10:02:15 +00:00
Paul Elliott
4de4cc4a29
Merge pull request #8891 from Ryan-Everett-arm/document-SE_C-not-threadsafe 
Officially document non thread-safety of MBEDTLS_PSA_CRYPTO_SE_C
 2024-03-13 09:42:49 +00:00
Valerio Setti
c4c1d3af34 pk: use CRYPTO_CLIENT as guard for PK-PSA bridge functions instead of CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00