mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00

Author	SHA1	Message	Date
Ronald Cron	3a04562ace	Update mbedtls_ssl_read_early_data() definition Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Jerry Yu	032985c351	Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Ronald Cron	5d0ae9021f	tls13: srv: Refine early data status The main purpose is to know from the status if early data can be received of not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Ronald Cron	149b0e7ca2	ssl.h: Fix comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Dave Rodgman	935182fe2b	Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc Mbedtls 3.5.2rc	2024-01-25 12:22:54 +00:00
Dave Rodgman	f5e231ca84	Merge pull request #8719 from daverodgman/iar-codegen Improve codegen of unaligned access for IAR and gcc	2024-01-25 08:31:45 +00:00
Dave Rodgman	13f2f4e7f1	Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc	2024-01-24 09:49:15 +00:00
Dave Rodgman	e23d6479cc	Bump version ./scripts/bump_version.sh --version 3.5.1 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-22 15:45:49 +00:00
Janos Follath	393df9c995	Add warning for PKCS 1.5 decryption Any timing variance dependant on the output of this function enables a Bleichenbacher attack. It is extremely difficult to use safely. In the Marvin attack paper (https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the author suggests that implementations of PKCS 1.5 decryption that don't include a countermeasure should be considered inherently dangerous. They suggest that all libraries implement the same countermeasure, as implementing different countermeasures across libraries enables the Bleichenbacher attack as well. This is extremely fragile and therefore we don't implement it. The use of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable. Add a warning to PKCS 1.5 decryption to warn users about this. Signed-off-by: Janos Follath <janos.follath@arm.com>	2024-01-22 15:33:19 +00:00
Janos Follath	fb12d9204d	Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex Implement the key slot mutex	2024-01-19 20:49:18 +00:00
Dave Rodgman	336efeec50	Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-19 16:38:53 +00:00
Ryan Everett	558da2ffd3	Move key_slot_mutex to threading.h Make this a global mutex so that we don't have to init and free it. Also rename the mutex to follow the convention Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-19 12:59:28 +00:00
Gilles Peskine	4d4891e18a	Merge pull request #8666 from valeriosetti/issue8340 Export the mbedtls_md_psa_alg_from_type function	2024-01-18 13:58:55 +00:00
Ryan Everett	0e3b677cf4	Support PSA_ERROR_SERVICE_FAILURE To be returned in the case where mbedtls_mutex_lock and mbedtls_mutex_unlock fail. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-18 10:47:29 +00:00
Gilles Peskine	b1f96c0354	Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial ECP keypair utility functions	2024-01-18 10:29:05 +00:00
Gilles Peskine	c9077cccd3	Merge pull request #8664 from valeriosetti/issue7764 Conversion function from ecp group to PSA curve	2024-01-18 10:28:55 +00:00
Tom Cosgrove	bc5d9165ae	Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile TLS: remove RSA signature algorithms in `suite B` profile	2024-01-12 14:34:28 +00:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Manuel Pégourié-Gonnard	eeb96ac9fe	Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api Add deprecated flag in document for sig_hashes	2024-01-11 09:33:10 +00:00
Waleed Elmelegy	09561a7575	Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Valerio Setti	39faa9cad4	psa_util: rename parameter of mbedtls_ecc_group_from_psa The new name better reflects the fact that the 1st parameter is just the EC family and not the curve. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:53 +01:00
Valerio Setti	d0aa9c1316	psa_util: update documentation for PSA conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:53 +01:00
Valerio Setti	eca07140f3	psa_util: update documentation of EC conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	0e608807e3	psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	3b7663de29	psa_util: update the documentation of ECC conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	d36c313b53	psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	ddba51e6c9	psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa" Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard	454ab28be5	Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1 Fix incorrect test data for SECP_R1 in automatically generated tests	2024-01-09 09:21:14 +00:00
Valerio Setti	dd2afcd881	Revert "psa_util: add algorithm's availability checks for MD conversion functions" This reverts commit `3d2e0f5f42`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 08:41:29 +01:00
Valerio Setti	cd38f27206	Revert "psa_util: fix typo in comment" This reverts commit `98f5db9fca`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 08:41:03 +01:00
Valerio Setti	d5cab81405	mbedtls_config: update documentation for CIPHER_C and CRYPTO_C Adding auto-enablement sections. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 07:23:33 +01:00
Valerio Setti	9772642b8c	adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 07:23:33 +01:00
Valerio Setti	1aaffec7cf	Revert "check_config: add check for PSA builtin unauthenticated ciphers" This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Valerio Setti	c95ab2a1a0	mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Valerio Setti	95c32973f9	check_config: add check for PSA builtin unauthenticated ciphers Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Manuel Pégourié-Gonnard	4aad0ff510	Merge pull request #8632 from valeriosetti/issue8598 [G5] Make block_cipher work with PSA	2024-01-08 08:07:53 +00:00
Valerio Setti	98f5db9fca	psa_util: fix typo in comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-05 18:17:38 +01:00
Manuel Pégourié-Gonnard	5bad043c06	Merge pull request #8641 from valeriosetti/issue8358 G3-G4 wrap-up	2024-01-04 10:48:00 +00:00
Gilles Peskine	44d557c52d	Indicate which curves Mbed TLS supports Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:59:38 +01:00
Gilles Peskine	6e2069661e	Note unusual curve size Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:59:03 +01:00
Gilles Peskine	2a22dac694	Fix typo in curve name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:58:55 +01:00
Gilles Peskine	39b7bba8a0	Make input parameter const Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-02 17:56:54 +01:00
Dave Rodgman	1cc90a1003	Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910 Fixes redundant declarations for psa_set_key_domain_parameters	2024-01-02 16:34:40 +00:00
Valerio Setti	6315441be7	adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling CCM/GCM can be either fully accelerated or rely on just the key type being accelerated. This means that ultimately it is just the key type which determines if the legacy block cipher modes need to be auto-enabled or not. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 17:21:01 +01:00
Valerio Setti	3d2e0f5f42	psa_util: add algorithm's availability checks for MD conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 14:57:47 +01:00
Valerio Setti	45c3cae8a5	md: move PSA conversion functions from md_psa.h to psa_util.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 13:26:04 +01:00
Valerio Setti	e581e140cc	oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C This commit also updates test_suite_pkparse.data file adding MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-29 16:35:58 +01:00
Valerio Setti	1994e72e18	check_config/block_cipher: minor improvements Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-28 18:33:04 +01:00
Valerio Setti	e98ad5931a	mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-28 10:42:12 +01:00

1 2 3 4 5 ...

6644 commits