mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00

Author	SHA1	Message	Date
Hanno Becker	2fc9a652bc	Address review feedback Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	2e3ecda684	Adust migration guide for SSL error codes Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Gilles Peskine	fedd52ca19	Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation Require matching hashlen in RSA functions: implementation	2021-06-24 10:28:20 +02:00
Gilles Peskine	f06b92d724	Merge pull request #4567 from mstarzyk-mobica/gcm_ad Enable multiple calls to mbedtls_gcm_update_ad	2021-06-23 19:36:23 +02:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Gilles Peskine	9dbbc297a3	PK signature function: require exact hash length Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-22 18:39:41 +02:00
Dave Rodgman	5ec5003992	Document the return type change in the migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard	e7885e5441	RSA: Require hashlen to match md_alg when applicable Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard	3e7ddb2bb6	Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 Update the default hash and curve selection for X.509 and TLS	2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard	a805d57261	Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA Remove MD2, MD4, RC4, Blowfish and XTEA	2021-06-22 09:27:41 +02:00
TRodziewicz	f41dc7cb35	Removal of RC4 certs and fixes to docs and tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-21 13:27:29 +02:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	d5c9cc7c90	Add migration guide for modified key export API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	9a32d45819	Merge pull request #4517 from hanno-arm/ticket_api_3_0 Implement 3.0-API for SSL session resumption	2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard	ae35830295	Merge pull request #4661 from mpg/make-blinding-mandatory Make blinding mandatory	2021-06-18 18:32:13 +02:00
Dave Rodgman	8c8166a7f1	Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test Move part of timing module out of the library	2021-06-18 16:35:58 +01:00
Gilles Peskine	39957503c5	Remove secp256k1 from the default X.509 and TLS profiles For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509, secp256k1 is not deprecated, but it isn't used in practice, especially in the context of TLS where there isn't much point in having an X.509 certificate which most peers do not support. So remove it from the default profile. We can add it back later if there is demand. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 23:17:52 +02:00
Gilles Peskine	ec78bc47b5	Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide Meld the migration guide for the removal of MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for the strengthening of TLS and X.509 defaults, which is more general. The information in the SHA-1 section was largely already present in the strengthening section. It is now less straightforward to figure out how to enable SHA-1 in certificates, but that's a good thing, since no one should still be doing this in 2021. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	6b1f64a150	Wording clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	b1940a76ad	In TLS, order curves by resource usage, not size TLS used to prefer larger curves, under the idea that a larger curve has a higher security strength and is therefore harder to attack. However, brute force attacks are not a practical concern, so this was not particularly meaningful. If a curve is considered secure enough to be allowed, then we might as well use it. So order curves by resource usage. The exact definition of what this means is purposefully left open. It may include criteria such as performance and memory usage. Risk of side channels could be a factor as well, although it didn't affect the current choice. The current list happens to exactly correspond to the numbers reported by one run of the benchmark program for "full handshake/s" on my machine. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	3758fd6b79	Changelog entry and migration guide for hash and curve profile upgrades Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:14 +02:00
Manuel Pégourié-Gonnard	8707259318	Improve ChangeLog and migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard	e6e51aab55	Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:38:38 +02:00
Mateusz Starzyk	bd513bb53d	Enable multiple calls to mbedtls_gcm_update_ad. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-06-16 14:34:09 +02:00
TRodziewicz	15a7b73708	Documentation rewording Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 11:22:53 +02:00
TRodziewicz	8f91c721d3	Code review follow-up corrections Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:45 +02:00
TRodziewicz	7ff652ae53	Addition of ChangeLog and migration guide entry files. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:39 +02:00
Gilles Peskine	17575dcb03	Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd Rename the _ret() functions	2021-06-15 20:32:07 +02:00
TRodziewicz	9c90226df1	Addition of the migration guide and change log files Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-15 15:49:20 +02:00
TRodziewicz	28a4a963fc	Corrections to the docs wording and changes to aux scripts Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-15 00:18:32 +02:00
TRodziewicz	3946f79cab	Correction according to code review (function and param. names change and docs rewording) Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 13:46:21 +02:00
TRodziewicz	8b223b6509	Addition of the migration guide entry file. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 11:56:33 +02:00
TRodziewicz	1fcd72e93c	change log and migr. guide fixes and _DEPRECATED_REMOVED removed Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 11:16:06 +02:00
Gilles Peskine	02b76b7d18	Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code	2021-06-10 17:43:36 +02:00
TRodziewicz	2a5e5a2759	Correction to the migration guide entry wording Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 16:54:20 +02:00
TRodziewicz	0ea2576502	Correction to the migr. guide wording and removal of not needed option Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 13:31:42 +02:00
TRodziewicz	b8367380b1	Addition of the migration guide Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 13:31:42 +02:00
TRodziewicz	1e66642d68	Addition of change log and migration guide files. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 11:25:28 +02:00
Ronald Cron	f8abfa8b1b	Improve migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-06-09 10:54:14 +02:00
Ronald Cron	6fe1bc3f24	Add change log and migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard	16fdab79a5	Merge pull request #4382 from hanno-arm/max_record_payload_api Remove MFL query API and add API for maximum plaintext size of incoming records	2021-06-08 11:07:27 +02:00
Hanno Becker	61f292ea0a	Fix migration guide for now-removed deprecated functions Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-08 07:50:55 +01:00
TRodziewicz	0730cd5d9e	Merge branch 'development' into Remove__CHECK_PARAMS_option	2021-06-07 15:41:49 +02:00
TRodziewicz	442fdc22ea	Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard	13a9776676	Editorial improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard	3b5a7c198c	Update ChangeLog and migration guide Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-07 11:13:34 +02:00
Manuel Pégourié-Gonnard	84191eab06	Merge pull request #4315 from Kxuan/feat-pre-compute-tls Static initialize comb table	2021-06-03 11:41:54 +02:00
kXuan	782c2b9f36	fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM Signed-off-by: kXuan <kxuanobj@gmail.com>	2021-06-03 15:47:40 +08:00
Manuel Pégourié-Gonnard	1b1327cc0d	Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option	2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard	df77624ab5	Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options	2021-06-02 13:47:48 +02:00

1 2 3

115 commits