mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 15:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
20,388 Commits 170 Branches 263 Tags
Commit Graph

158 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
103b9929d1 Remove HKDF-Extract/Expand 
Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
2a47d23927 Update strategy.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
83c538869e Update psa-limitations 
- misc updates about on-going/recent work
- removal of the section about mixed-PSK: being done in #5762
- clarifications in some places
- some typo fixes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
b8a6c2320e Update testing.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
2ffb93a83b Rm tasks-g2.md 
That document was always temporary (said so at the top). Now superseded
by https://github.com/orgs/Mbed-TLS/projects/1#column-18338322

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Ronald Cron
3cb707dc6d Fix and improve logs and documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 14:36:52 +02:00
Ronald Cron
2ba0d23c65 Update TLS 1.3 support documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 11:25:49 +02:00
Manuel Pégourié-Gonnard
11ccb35987
Merge pull request #5994 from gilles-peskine-arm/storage-format-doc-2.25-development 
Update storage format specification for Mbed TLS 2.25.0+
 2022-07-01 09:25:35 +02:00
Gilles Peskine
0b7ee23fe0 Historical update: the layout on stdio changed in Mbed Crypto 1.1.0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:16:50 +02:00
Gilles Peskine
38989612d6 Typos 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:16:32 +02:00
Gilles Peskine
219a34839c Repeat the seed file documentation in 2.25.0 
This way the 2.25.0 section is now fully self-contained.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:15:53 +02:00
Gilles Peskine
3d65a19ee3 Fix wrong type in C snippet 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:15:35 +02:00
Tom Cosgrove
d7adb3c7d9 Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-30 09:48:40 +01:00
Gilles Peskine
25e39f24b9 Add section for Mbed TLS 2.25.0+ 
We hadn't updated the storage specification in a while. There have been no
changes to the storage layout, but the details of the contents of some
fields have changed.

Since this is now a de facto stable format (unchanged between 2.25 and 3.2),
describe it fully, avoiding references to previous versions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 09:16:53 +02:00
Tom Cosgrove
afb2fe1acf Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-29 16:36:12 +01:00
Ronald Cron
6b14c69277 Improve documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
139d0aa9d3 Fix typo in documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
44b23b10e1 tls13: Document TLS 1.3 handshake implementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Dave Rodgman
65a141a7b0 Fix minor grammatical error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:54 +01:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Dave Rodgman
017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Ronald Cron
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Gilles Peskine
790f7428d2 Storage format test regressions are now checked mechanically 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-22 19:16:42 +01:00
Jerry Yu
bd19287a8e fix docs issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
adb1869f8d fix document about tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
72a0565e13 docs: Add version support description 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Ronald Cron
87829e5429 Fix documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-14 16:31:33 +01:00
Ronald Cron
4279bac965 Document TLS 1.3 MVP limitation regarding MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 15:10:22 +01:00
Manuel Pégourié-Gonnard
c70013e4bc Clarify the trailer field situation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 13:16:50 +01:00
Manuel Pégourié-Gonnard
c7f3254379 Clarify a sentence 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 13:00:33 +01:00
Manuel Pégourié-Gonnard
58d101b721 Fix a few more typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-10 12:58:09 +01:00
Manuel Pégourié-Gonnard
2c5fbad479
Merge pull request #5004 from mpg/doc-psa-migration 
Document PSA migration strategy
 2022-02-09 12:07:12 +01:00
Manuel Pégourié-Gonnard
839bb8a238 Fix an inaccuracy 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:33:41 +01:00
Manuel Pégourié-Gonnard
80759c4917 Fix a few more typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:33:11 +01:00
Manuel Pégourié-Gonnard
8ebed21216 Fix a few typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 10:23:49 +01:00
Manuel Pégourié-Gonnard
539b9a52f9 Fix discussion of RSA-PSS salt length 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 10:19:08 +01:00
Manuel Pégourié-Gonnard
2467aed961 Misc updates to testing.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:42:30 +01:00
Manuel Pégourié-Gonnard
ce6c0875d1 Misc updates to strategy.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:34:20 +01:00
Manuel Pégourié-Gonnard
8e559daaa8 Misc updates to psa-limitations.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 10:26:07 +01:00
Manuel Pégourié-Gonnard
335cbf61da Remove temporary documents 
The dependencies-xxx.md documents where merely a support for study,
now distilled to strategy.md, psa-limitation.md, and tasks-xx.md
and/or github issues.

The tasks-g1.md document has now been fully converted to a list of
github issues.

These documents would quickly become out-of-date and there's little
point in updating them, so it's better to remove them. They're still in
the github history if anyone wants to have a look.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:55:45 +01:00
Manuel Pégourié-Gonnard
ec3fd75cbc Update strategy with late 2021 discussion 
Unless I missed something, this should now reflect the current strategy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard
5218774efb Add note about HKDF for TLS 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
ab1d3084b7 Goal 1 tasks are now all reflected on github 
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0950359220 Improve "abstraction layers" section 
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079 Explain compile-time incompatibilities 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356 Expand discussion of goals 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1 Complete discussion of RSASSA-PSS 
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4 Add data about RSA-PSS test files 
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00