* Security: we're improving a countermeasure.
* Requirement change: the library will no longer compile on a platform
without setbuf().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes#769.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.
Fixes#5974.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The issue was fixed while adding support for static ECDH with Opaque
keys: https://github.com/Mbed-TLS/mbedtls/pull/5624
This is just adding the ChangeLog entry for that fix.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The entry for “Fix several bugs…” already covers this. This is borderline an
internal detail anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Consolidate the entries for SHA512 and SHA256 since they are being released
together.
List the algorithms generically as SHA-2 since this also applies to SHA224
and SHA384.
Clearly state that the instructions are only supported when building for
Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
