yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20734 commits 89 branches 205 tags 114 MiB
Commit graph

20734 commits

This branch
This branch
All branches
Author SHA1 Message Date
Paul Elliott fe9d43c21d Fix generation of ssl_debug_helpers 
File was being generated with tabs rather than spaces which breaks
release builds

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-08 17:27:25 +01:00
Paul Elliott 6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash 
Fix DTLS 1.2 session resumption
 2022-07-06 15:03:36 +01:00
Andrzej Kurek 1ce9ca0630 Changelog rewording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:50:30 -04:00
Andrzej Kurek 21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing 
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 03:26:55 -04:00
Paul Elliott 826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks 
Fix resource leaks
 2022-07-05 23:12:02 +01:00
Andrzej Kurek 3a29e9cf57 Improve changelog wording 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-05 10:49:10 -04:00
Dave Rodgman c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01 
Fix uninitialised memory access in test
 2022-07-05 13:59:34 +01:00
Werner Lewis c1999d5746 Add fallback when rk unaligned with padlock 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-07-05 11:55:15 +01:00
Andrzej Kurek ddb8cd601d test_suite_ssl: Fix handshake options cleanup 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 16:07:28 -04:00
Manuel Pégourié-Gonnard 0358597589
Merge pull request #5757 from mpg/update-doc-use-psa 
Update "use PSA" documentation (inc. strategy)
 2022-07-04 17:59:00 +02:00
Andrzej Kurek 9dc4402afa test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:40:15 -04:00
Andrzej Kurek 1e085686ec test_suite_ssl: remove unnecessary user data checks 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:40:09 -04:00
Andrzej Kurek 3d0d501517 test_suite_ssl: prefer ASSERT_ALLOC over malloc 
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:39:34 -04:00
Andrzej Kurek 2e1a232261 Fix changelog wording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek 92d7417d89 Formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek e11acb2c9b test_suite_ssl: add proper cache cleanup 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek e8ad0d7d42 Disable bad session id length test in TLS 1.3 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek 456a109edb test_suite_ssl: add required dependencies for default handshake parameters 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek 6e518ab086 test_suite_ssl: add missing options cleanup 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek ed58b50ea6 test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek 626a931bb9 test_suite_ssl: Add missing arguments in endpoint initialization 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek 9abad0c5ef Improve the changelog message to contain more details 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:29 -04:00
Andrzej Kurek 514683abdc Add a test with a bad session_id_len that makes cache setting fail 
Force a bad session_id_len before handshake wrapup. This should
result in a forced jump to a clean up of a serialized session.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:29 -04:00
Andrzej Kurek 780dc18f74 Refactor test_suite_ssl tests to enable cache setting 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:28 -04:00
Paul Elliott b7aba1a584 Improve Changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-04 06:49:26 -04:00
Paul Elliott 072d2b094d Add pem_free() to other error paths in pk_parse_public_key() 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-04 06:49:26 -04:00
Leonid Rozenboim 56e01f37a8 Created customary ChangeLog.d entry. 
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-07-04 06:49:26 -04:00
Leonid Rozenboim 116f50cd96 Fix resource leaks 
These potential leaks were flagged by the Coverity static analyzer.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard b5b27c1114 Misc clean-ups in docs/use-psa-crypto.md 
Note: limitations of opaque PSKs changed from "TLS 1.2 only" to "none"
since TLS 1.3 does not support PSK at all so far, and it is expected to
support opaque PSKs as soon as it gains PSK support, it will be just a
matter of selecting between psa_key_derivation_input_bytes() and
psa_key_derivation_input_key() - and testing obviously.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard 465341f438 Add ChangeLog entries for general Use PSA improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard 2dc436d6e7 Tune description of PSA crypto implementation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard 0dba51cfad Fix list of what's common to TLS 1.2 and 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard 9bf9b9e269 Link to restartable ECC EPIC 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard cbc03f5377 Update README about USE_PSA_CRYPTO 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard f3f79a00fc Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 
Also make a few general clarifications/improvements while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard 3e83098e01 Clarify the TLS 1.3 situation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard 103b9929d1 Remove HKDF-Extract/Expand 
Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard b2bd34ecdc Update docs/use-psa-crypto.md 
The scope of the option has been expanded, now it makes more sense to
describe it as "everything except ...".

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard ff43ff6e78 Remove stability waiver from USE_PSA 
It was initially motivated by the fact that the PSA Crypto APIs
themselves were not stable. In the meantime, PSA Crypto has reached
1.0.0 so this no longer applies.

If we want user to be able to fully benefit from PSA in order to
isolate long-term secrets, they need to be able to use the new APIs with
confidence. There is no reason to think those APIs are any more likely
to change than any of our other APIs, and if they do, we'll follow the
normal process (deprecated in favour of a new variant).

For reference, the APIs in question are:

mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS

mbedtls_ssl_conf_psk_opaque()   // for PSA-held PSKs in TLS
mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS

mbedtls_cipher_setup_psa() (deprecated in 3.2)
mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard 97ec0b7bfa Clarify effect of USE_PSA on TLS 1.3 
The previous wording was wrong, there are parts that are affected.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard 2a47d23927 Update strategy.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard 83c538869e Update psa-limitations 
- misc updates about on-going/recent work
- removal of the section about mixed-PSK: being done in #5762
- clarifications in some places
- some typo fixes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard b8a6c2320e Update testing.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard 2ffb93a83b Rm tasks-g2.md 
That document was always temporary (said so at the top). Now superseded
by https://github.com/orgs/Mbed-TLS/projects/1#column-18338322

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard 4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Paul Elliott 41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Ronald Cron 0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Paul Elliott 7c6b0e4464
Merge pull request #5972 from wernerlewis/migration_guide_removals 
Add guidance for deprecated functions and macros to migration guide
 2022-07-01 17:40:21 +01:00
Neil Armstrong 6931e439e4 Fix Handshake select ECDH-RSA- test dependencies 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 18:30:10 +02:00
Paul Elliott bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00