mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 12:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
28,729 Commits 172 Branches 263 Tags
Commit Graph

12545 Commits

Author SHA1 Message Date
Gilles Peskine
391dd7fe87 Fix propagation of return value from parse_attribute_value_hex_der_encoded 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation 
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
7077781af5 Fix integer overflow with an input buffer larger than INT_MAX 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
25665781f6 Rewrite parse_attribute_value_hex_der_encoded() 
Rename the function from parse_attribute_value_der_encoded: the hex aspect
seems important.

There was a buffer overflow due to not validating that the intermediate data
fit in the stack buffer. The rewrite doesn't use this buffer, and takes care
not to overflow the buffer that it does use.

Document all that's going on.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Valerio Setti
c437faeaa1 psa_crypto: fix guards in mbedtls_ecc_group_to_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
f250ada3ab tls/oid: add PSA_WANT_ECC_xxx guards together with existing MBEDTLS_ECP_DP_xxx 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Minos Galanakis
21087754a5 x509_crt: Removed unused intsafe.h 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 15:17:38 +01:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f3356293e90c58d11f6567def641e08 in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Minos Galanakis
a9bb34cd73 x509_crt: Removed length_as_int intermediate variable 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:42:41 +01:00
Minos Galanakis
59108d3f4d x509_crt: Adjusted the len of lpMultiByteStr arg in WideCharToMultiByte 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:23 +01:00
Minos Galanakis
08a67ccefd x509_crt: Set WideCharToMultiByte to use -1 for length. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

WideCharToMultiByte
 2023-09-25 14:12:23 +01:00
Minos Galanakis
40995e1390 x509_crt: Removed checks for windows versions < WINXP 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
fac45fbafe entropy_poll: Removed checks for windows versions < WINXP 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
e8a5d1afbd entropy_poll: Updated documentation for entropy_poll loop. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
2c6e561ff8 entropy_poll.c: Added looping logic to mbedtls_platform_entropy_poll(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
4952f705ee Removed unsupported Visual Studio related code in entropy_poll.c and x509_crt.c. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:22 +01:00
Minos Galanakis
12b493f4dc entropy_poll/x509_crt: Added MBEDTLS_POP_TARGET_PRAGMA define guards. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:21 +01:00
Minos Galanakis
24a1c16fac library Makefile: Moved -lbcrypt to LOCAL_LDFLAGS 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:21 +01:00
Minos Galanakis
a277b210ff Code style fixes 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-09-25 14:12:21 +01:00
Simon Butcher
de573f56e5 Fix coding style of length_as_int var in x509_crt.c 
Variable had the very Windows name of lengthAsInt, which is fine for C# but
doesn't match the Mbed TLS coding standards.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2023-09-25 14:12:21 +01:00
Simon Butcher
35e5dad865 Add clarifying comment on use of MultiByteToWideChar() and CP_ACP 
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2023-09-25 14:12:21 +01:00
Simon Butcher
def90f4966 Fix formatting and detail of comments in PR #730 
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2023-09-25 14:12:20 +01:00
Simon Butcher
e068aa7ad5 Fix the build for mingw and CMake + VStudio 
Changes to the build to add the new Win32 Crypto API's inadvertently broke
the build for mingw and Visual Studio builds when generated by CMake.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2023-09-25 14:12:20 +01:00
Kevin Kane
0ec1e68548 Replace Windows APIs that are banned in Windows Store apps 
CryptGenRandom and lstrlenW are not permitted in Windows Store apps,
meaning apps that use mbedTLS can't ship in the Windows Store.
Instead, use BCryptGenRandom and wcslen, respectively, which are
permitted.

Also make sure conversions between size_t, ULONG, and int are
always done safely; on a 64-bit platform, these types are different
sizes.

Also suppress macro redefinition warning for intsafe.h:

Visual Studio 2010 and earlier generates C4005 when including both
<intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants
are redefined. This is fixed in later versions of Visual Studio.
The constants are guaranteed to be the same between both files,
however, so we can safely suppress the warning when including
intsafe.h.

Signed-off-by: Kevin Kane <kkane@microsoft.com>
 2023-09-25 14:12:20 +01:00
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct 
Use CT module more consistently
 2023-09-25 11:50:10 +01:00
Dave Rodgman
5a3add2c67
Merge pull request #8234 from kouzhudong/development 
Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c
 2023-09-25 10:51:46 +01:00
Gilles Peskine
6809f231a6
Merge pull request #8210 from yanrayw/aes_128bit_improvement 
AES 128bit only: add guards in cipher_wrap.c
 2023-09-22 18:15:03 +00:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
4f53520f54
Merge pull request #8241 from daverodgman/cast_warning 
fix cast warning
 2023-09-22 14:23:05 +00:00
Dave Rodgman
c0633bc777 Add comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:54:43 +01:00
Dave Rodgman
38c3228f3e fix cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:51:37 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Dave Rodgman
d03f483dbe Use mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:01:47 +01:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 09:58:25 +01:00
Tom Cosgrove
41434d043c
Merge pull request #8237 from tom-cosgrove-arm/mbedtls_pk_write_key_der-unused-len-and-unreachable-ret 
Remove unused variable and unreachable return from mbedtls_pk_write_key_der()
 2023-09-22 08:45:48 +00:00
Dave Rodgman
a9d70125a3 Remove mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:53:54 +01:00
Dave Rodgman
7ad37e40a6 Remove use of mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:53:31 +01:00
Dave Rodgman
530c3da698 Improve implementation of mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:06:48 +01:00
Dave Rodgman
61f1beaccf Update library to use mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 19:23:17 +01:00
Dave Rodgman
f81b2a14f2 Generalise mbedtls_ct_error_if to mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 19:22:43 +01:00
Dave Rodgman
aaebc9be51
Merge pull request #8235 from daverodgman/misc-size 2023-09-21 18:42:37 +01:00
Tom Cosgrove
8d276fbc23 Remove unused variable and unreachable return from mbedtls_pk_write_key_der() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-21 17:19:36 +01:00
correy
a15b4851d4 Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c 
Signed-off-by: correy <112426112@qq.com>
 2023-09-21 20:18:52 +08:00
Dave Rodgman
1a404e8f34 Use mbedtls_ct_error for CT error selection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 13:12:28 +01:00
Dave Rodgman
e50b537266 Add mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 11:29:58 +01:00