mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 18:02:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
27,501 Commits 172 Branches 267 Tags
Commit Graph

27501 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
35b49c4d7d Ignore tests of built-in interfaces for driver-only testing parity 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-04 12:28:41 +02:00
Gilles Peskine
010f035cdf Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Fix test cases that were merged concurrently to
db6b4db7a0e982b15a95e048ac14f8d56fec44a6.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-04 12:27:14 +02:00
Minos Galanakis
591416f32b Auto-generated files for v3.5.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-04 00:55:02 +01:00
Minos Galanakis
974388f706 ChangeLog: Set release date 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:08:53 +01:00
Minos Galanakis
80a8156314 Prepare ChangeLog for 3.5.0 release 
```
./scripts/assemble_changelog.py
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:08:39 +01:00
Minos Galanakis
31ca313efa Bump version to 3.5.0 
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 21:57:51 +01:00
Dave Rodgman
3406564b01
Merge pull request #8291 from minosgalanakis/bugfix/updated_check_generated_files 2023-10-03 21:18:57 +01:00
Dave Rodgman
3fb93a8223
Merge pull request #8295 from minosgalanakis/changelog/renamed_psa_crypto_driver_wrappers 
Changelog: Added entry for psa_crypto_driver_wrappers rename
 2023-10-03 14:05:56 +01:00
Dave Rodgman
130938a804
Merge pull request #1088 from gilles-peskine-arm/tls13_read_public_xxdhe_share-overflow 
Fix buffer overflow in TLS 1.3 and USE_PSA_CRYPTO ClientHello ECDH/FFDH parsers
 2023-10-03 12:28:38 +01:00
Minos Galanakis
3974b17631 check-generated-files: Added psa_crypto_driver_wrappers_no_static.c file 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 11:47:03 +01:00
Minos Galanakis
76b709dd44 Changelog: Added entry for psa_crypto_driver_wrappers rename 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 11:14:41 +01:00
Dave Rodgman
ff3e9e1eb0
Merge pull request #8292 from minosgalanakis/bugfix/changelog_extensions 
ChangeLog: Added .txt extension to log entries.
 2023-10-03 09:29:39 +01:00
Gilles Peskine
3713bee34c Remove leftover local debug line 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 18:43:18 +02:00
Minos Galanakis
08707ecbfe ChangeLog: Added .txt extension to log entries. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-02 16:55:00 +01:00
Gilles Peskine
7910cdd47f Avoid compiler warning about size comparison 
GCC warns about comparing uint8_t to a size that may be >255.

Strangely, casting the uint8_t to a size_t in the comparison expression
doesn't avoid the warning. So change the type of the variable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 16:11:05 +02:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes 
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:42:11 +02:00
Gilles Peskine
6dd5b9a60c In TLS 1.2, only servers are affected 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:38:51 +02:00
Gilles Peskine
b782415e1b Changelog entry for xxdh_psa_peerkey size validation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:08:37 +02:00
Gilles Peskine
c29df535ee Improve robustness of ECDH public key length validation 
In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to
validate what is written in handshake->xxdh_psa_peerkey. The previous code
was correct, but a little fragile to misconfiguration or maintenance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:02:39 +02:00
Gilles Peskine
c8df898204 Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing 
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:02:33 +02:00
Gilles Peskine
12c5aaae57 Fix buffer overflow in TLS 1.3 ECDH public key parsing 
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:02:10 +02:00
Dave Rodgman
0673ed2e93
Merge pull request #8278 from gilles-peskine-arm/7298-changelog 
Changelog entry for 7298
 2023-09-29 15:56:30 +00:00
Gilles Peskine
673fec0c8c
Merge pull request #8277 from mpg/cl-ffdh-psa 
Fix ChangeLog entry for FFDH in PSA
 2023-09-29 13:17:53 +00:00
Gilles Peskine
16e9256fe8
Merge pull request #8272 from daverodgman/iar-warnings 
Fix IAR warnings
 2023-09-29 13:11:03 +00:00
Gilles Peskine
d39edead25 Changelog entry for #7298 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:07:01 +02:00
Gilles Peskine
f7baf7bfb3
Merge pull request #8271 from daverodgman/fix-numops 
Fix error handling in psa_driver_wrapper_xxx_hash_get_num_ops
 2023-09-29 10:46:50 +00:00
Manuel Pégourié-Gonnard
ef89fb80d7 Fix ChangeLog entry for FFDH in PSA 
It was jumping directly to "driver support" and omitting the first step
of "PSA support".

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-29 12:26:47 +02:00
Dave Rodgman
9ac0e72386 Undo not-needed change 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 10:39:31 +01:00
Dave Rodgman
ed9c22d533 Remove redundant code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 10:33:49 +01:00
Dave Rodgman
3572bde9c9 Assume get_num_ops cannot fail 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 19:33:15 +01:00
Dave Rodgman
fe43d12f60 Always call get_num_ops 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 18:46:11 +01:00
Dave Rodgman
b51f3da354
Merge pull request #8264 from mpg/follow-up-8075 
Follow up to 8075
 2023-09-28 17:32:12 +00:00
Dave Rodgman
2bc38a6dfe Fix return type 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 18:15:58 +01:00
Dave Rodgman
9329252620 Fix IAR statement is unreachable warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 18:14:53 +01:00
Dave Rodgman
90330a4a2d Fix IAR control bypasses initialisation warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 18:13:46 +01:00
Dave Rodgman
321c7e9ed9 Fix error handling in psa_driver_wrapper_xxx_hash_get_num_ops 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 18:07:25 +01:00
Dave Rodgman
02a53d7bef Fix IAR pointless integer comparison 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 17:19:50 +01:00
Dave Rodgman
7e9af05409 Fix IAR control bypasses initialisation warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 17:08:49 +01:00
Dave Rodgman
73d8591f7f Fix IAR change of sign warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 17:00:50 +01:00
Gilles Peskine
42f8d5f0c9
Merge pull request #8261 from Mbed-TLS/fix-cmake-header-include 
Add CMake include path for generated header
 2023-09-28 15:16:15 +00:00
Manuel Pégourié-Gonnard
3b2357cdca Remove components that partially accelerate ECC keys 
These are build-only components so this was never supported for sure.

Let's stick to what's really tested for now, and expand later (with
proper testing!) if there's demand for more flexibility.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 16:56:12 +02:00
Manuel Pégourié-Gonnard
680b48e6b5 Update list of ECC key types in user-config-for-test.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 16:52:44 +02:00
Gilles Peskine
3243539f0e
Merge pull request #8242 from mpg/ecc-bn-wrapup 
Driver-only ECC: wrap-up
 2023-09-28 14:34:52 +00:00
David Horstmann
f868d6f4e8 Remove spurious comments 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-28 14:01:25 +01:00
Dave Rodgman
3a098e9090
Merge pull request #1084 from daverodgman/update-ct-changelog 
Update padding const-time fix changelog
 2023-09-28 11:34:07 +01:00
David Horstmann
6c979856c3 Remove generated files in all cmake_as_x tests 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-28 11:30:43 +01:00
David Horstmann
862abe2d0f Fix lowercase comment start 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-28 11:28:20 +01:00
Manuel Pégourié-Gonnard
8c40f3dfad Formatting fixes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 11:06:09 +02:00
Manuel Pégourié-Gonnard
140c08e325 Minor clarifications. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 11:02:37 +02:00