mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 12:32:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,835 Commits 170 Branches 263 Tags
Commit Graph

13320 Commits

Author SHA1 Message Date
Gilles Peskine
bdce65700e
Merge pull request #9067 from gilles-peskine-arm/ssl-opt-server2-detection 
Fix skipped tests in configurations without RSA
 2024-05-15 12:06:31 +00:00
Gilles Peskine
ca73fc6627
Merge pull request #9026 from nileshkale123/fix/redefination_warning_for_gnu_source 
Fixed redefination warning messages for _GNU_SOURCE
 2024-05-06 12:40:49 +00:00
Manuel Pégourié-Gonnard
61734ec61d
Merge pull request #9073 from valeriosetti/issue9068 
Undefined reference to mbedtls_md_error_from_psa() function
 2024-05-03 07:52:37 +00:00
Gilles Peskine
9791ee9296
Merge pull request #8538 from Ryan-Everett-arm/8537-fix-error-handling-for-secure-element-keys-in-psa_start_key_creation 
Fix error handling for secure element keys in `psa_start_key_creation`
 2024-05-02 16:06:07 +00:00
Gilles Peskine
fa8fc2705a
Merge pull request #9069 from Ryan-Everett-arm/fix-get-and-lock-key-slot-threading-bug 
Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`
 2024-05-02 15:48:21 +00:00
Gilles Peskine
489688c0f7
Merge pull request #9065 from paul-elliott-arm/fix_ubsan_mp_aead_gcm 
Add early exit if zero length AEAD additional data passed in.
 2024-04-30 09:48:20 +00:00
Valerio Setti
28cc31c9d5 md: fix guards for mbedtls_md_error_from_psa() 
This should be CRYPTO_CLIENT and not CRYPTO_C as this function
can be used even when CRYPTO_C is not defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-30 10:49:00 +02:00
nilesh.kale
d338d0156f Fixed issue of redefinition warning messages for _GNU_SOURCE 
Signed-off-by: nilesh.kale <nilesh.kale@espressif.com>
 2024-04-30 08:24:47 +05:30
Ryan Everett
925b2d76f4 Clarify psa_get_and_lock_key_slot return behaviour 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:29:48 +01:00
Ryan Everett
04e2b04f7f Explicitly document return behaviour 
A bug existed previously where this guarantee was not met,
causing some issues in multi-threaded code.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:26:19 +01:00
Ryan Everett
dd90507dc6 Fix potential non-NULL slot return on failure 
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:24:58 +01:00
Gilles Peskine
dde67bbb5a Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled 
It isn't detected on the CI because we only test this with an ancient Clang
that doesn't warn. Old GCC, modern GCC and modern Clang do
warn (-Wunused-but-set-variable).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 12:38:16 +02:00
Manuel Pégourié-Gonnard
024d3daa7d
Merge pull request #8986 from valeriosetti/issue8871 
Improve test key generation in test_suite_pk
 2024-04-29 09:25:37 +00:00
Paul Elliott
a3daff47d8 Add early exit if zero length AEAD AD passed in. 
With multipart AEAD, if we attempt to add zero length additional data,
then with the buffer sharing fixes this can now lead to undefined
behaviour when using gcm. Fix this by returning early, as there is
nothing to do if the input length is zero.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-04-26 18:47:40 +01:00
Gilles Peskine
bee96566da
Merge pull request #8999 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro 
Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:46 +00:00
Manuel Pégourié-Gonnard
a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00
Ronald Cron
233fcaadbf tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:52:40 +02:00
Bence Szépkúti
a376f84eb1
Merge pull request #8937 from valeriosetti/issue8712 
Clarify the documentation of mbedtls_pk_setup_opaque
 2024-04-04 13:40:57 +00:00
Ronald Cron
cf47a15e96 ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:46:52 +02:00
Tom Cosgrove
a2c45dc713 Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:51:47 +01:00
Valerio Setti
390f276822 pk: fix unused variable in copy_from_psa() 
key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS
are defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 11:31:33 +02:00
Paul Elliott
30978ec650
Merge pull request #8874 from stevenwdv/development 
Fix compilation on macOS without apple-clang
 2024-03-29 13:59:36 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b2878f1c08b8f96fe35e2812367e32ef3.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Ronald Cron
7df18bc210 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
d36913a58f Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
8ceeff95e9 Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
d60aef0f1b Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Ronald Cron
1f045f3a0c tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
96eed725e1 Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Valerio Setti
afa6d51442 pk: simplify mbedtls_pk_sign_ext() 
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:38 +01:00
Minos Galanakis
4492dbd286 Version Bump for 3.6.0 
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Minos Galanakis
d9d6435bc5 Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-21 15:44:11 +00:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Ronald Cron
a5c5c58107 tls13: srv: Fix potential stack buffer overread 
Fix potential stack buffer overread when
checking PSK binders.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-19 14:46:21 +01:00
Steven WdV
9f0858db30 Check C/C++ compilers separately for AppleClang ranlib 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-03-19 11:39:44 +01:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00
Paul Elliott
78064ac9e0
Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe 
Make PSA global_data thread safe
 2024-03-15 19:50:01 +00:00
Paul Elliott
b24e36d07b Add explanatory comment for init flags 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:25:48 +00:00
Paul Elliott
d35dce6e23 Add comments about RNG mutex requirements 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
0db6a9033a Start subsystem IDs at 1 instead of 0 
Catch potential invalid calls to init.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
78279962d6 Fix minor style issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 13:34:01 +00:00
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Waleed Elmelegy
131b2ffd89 Fix bug in ALPN negotiating 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Ronald Cron
6bee910dbd
Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session 
Add ALPN information in session tickets
 2024-03-15 09:50:24 +00:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352
Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00