mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 06:33:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,224 Commits 170 Branches 263 Tags
Commit Graph

13376 Commits

Author SHA1 Message Date
Patrick Wildt
5da4b7d8da Silence gcc 12.2.0 warning 
Unfortunately this compiler complains about a variable potentially being
used un-initialized.  Silence the warning by initializing it to a sane
default.

Signed-off-by: Patrick Wildt <pwildt@google.com>
 2024-05-15 19:07:11 +00:00
Gilles Peskine
bdce65700e
Merge pull request #9067 from gilles-peskine-arm/ssl-opt-server2-detection 
Fix skipped tests in configurations without RSA
 2024-05-15 12:06:31 +00:00
Gilles Peskine
ca73fc6627
Merge pull request #9026 from nileshkale123/fix/redefination_warning_for_gnu_source 
Fixed redefination warning messages for _GNU_SOURCE
 2024-05-06 12:40:49 +00:00
Manuel Pégourié-Gonnard
61734ec61d
Merge pull request #9073 from valeriosetti/issue9068 
Undefined reference to mbedtls_md_error_from_psa() function
 2024-05-03 07:52:37 +00:00
Gilles Peskine
9791ee9296
Merge pull request #8538 from Ryan-Everett-arm/8537-fix-error-handling-for-secure-element-keys-in-psa_start_key_creation 
Fix error handling for secure element keys in `psa_start_key_creation`
 2024-05-02 16:06:07 +00:00
Gilles Peskine
fa8fc2705a
Merge pull request #9069 from Ryan-Everett-arm/fix-get-and-lock-key-slot-threading-bug 
Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`
 2024-05-02 15:48:21 +00:00
Andre Goddard Rosa
d0a1691b99 Remove unnecessary cast 
Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
 2024-05-01 12:44:02 -05:00
Andre Goddard Rosa
30666d478b Add invalid padding_len check in get_pkcs_padding 
When trying to decrypt data with an invalid key, we found that `mbedtls`
returned `0x6200` (`-25088`), which means "_CIPHER - Input data contains
invalid padding and is rejected_" from `mbedtls_cipher_finish`, but it also
set the output len as `18446744073709551516`.

In case we detect an error with padding, we leave the output len zero'ed
and return `MBEDTLS_ERR_CIPHER_INVALID_PADDING`. I believe that the current
test cases are sufficient, as they fail if I return the alternative code
`MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, so they do already expect a padding
failure, but now we don't change the output len in the error case.

Here's a reference for the way `openssl` checks the padding length:
  - 1848c561ec/crypto/evp/evp_enc.c (L1023)
  - b554eef43b

Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
 2024-05-01 12:02:14 -05:00
Gilles Peskine
489688c0f7
Merge pull request #9065 from paul-elliott-arm/fix_ubsan_mp_aead_gcm 
Add early exit if zero length AEAD additional data passed in.
 2024-04-30 09:48:20 +00:00
Valerio Setti
28cc31c9d5 md: fix guards for mbedtls_md_error_from_psa() 
This should be CRYPTO_CLIENT and not CRYPTO_C as this function
can be used even when CRYPTO_C is not defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-30 10:49:00 +02:00
nilesh.kale
d338d0156f Fixed issue of redefinition warning messages for _GNU_SOURCE 
Signed-off-by: nilesh.kale <nilesh.kale@espressif.com>
 2024-04-30 08:24:47 +05:30
Ryan Everett
925b2d76f4 Clarify psa_get_and_lock_key_slot return behaviour 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:29:48 +01:00
Ryan Everett
04e2b04f7f Explicitly document return behaviour 
A bug existed previously where this guarantee was not met,
causing some issues in multi-threaded code.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:26:19 +01:00
Ryan Everett
dd90507dc6 Fix potential non-NULL slot return on failure 
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:24:58 +01:00
Gilles Peskine
dde67bbb5a Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled 
It isn't detected on the CI because we only test this with an ancient Clang
that doesn't warn. Old GCC, modern GCC and modern Clang do
warn (-Wunused-but-set-variable).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 12:38:16 +02:00
Manuel Pégourié-Gonnard
024d3daa7d
Merge pull request #8986 from valeriosetti/issue8871 
Improve test key generation in test_suite_pk
 2024-04-29 09:25:37 +00:00
Paul Elliott
a3daff47d8 Add early exit if zero length AEAD AD passed in. 
With multipart AEAD, if we attempt to add zero length additional data,
then with the buffer sharing fixes this can now lead to undefined
behaviour when using gcm. Fix this by returning early, as there is
nothing to do if the input length is zero.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-04-26 18:47:40 +01:00
Gilles Peskine
bee96566da
Merge pull request #8999 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro 
Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:46 +00:00
Manuel Pégourié-Gonnard
a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00
Ronald Cron
233fcaadbf tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:52:40 +02:00
Bence Szépkúti
a376f84eb1
Merge pull request #8937 from valeriosetti/issue8712 
Clarify the documentation of mbedtls_pk_setup_opaque
 2024-04-04 13:40:57 +00:00
Troy-Butler
da73abc8d7 Fix NULL handling in mbedtls_ssl_config.free() function 
Signed-off-by: Troy-Butler <squintik@outlook.com>
 2024-04-02 13:37:31 -04:00
Ronald Cron
cf47a15e96 ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:46:52 +02:00
Tom Cosgrove
a2c45dc713 Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:51:47 +01:00
Valerio Setti
390f276822 pk: fix unused variable in copy_from_psa() 
key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS
are defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 11:31:33 +02:00
Paul Elliott
30978ec650
Merge pull request #8874 from stevenwdv/development 
Fix compilation on macOS without apple-clang
 2024-03-29 13:59:36 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b2878f1c08b8f96fe35e2812367e32ef3.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Ronald Cron
7df18bc210 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
d36913a58f Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
8ceeff95e9 Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
d60aef0f1b Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Ronald Cron
1f045f3a0c tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
96eed725e1 Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Troy-Butler
9ac3e23f5d Fix NULL argument handling in mbedtls_xxx_free() functions 
Signed-off-by: Troy-Butler <squintik@outlook.com>
 2024-03-22 14:46:04 -04:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Valerio Setti
afa6d51442 pk: simplify mbedtls_pk_sign_ext() 
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:38 +01:00
Minos Galanakis
4492dbd286 Version Bump for 3.6.0 
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Minos Galanakis
d9d6435bc5 Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-21 15:44:11 +00:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Ronald Cron
a5c5c58107 tls13: srv: Fix potential stack buffer overread 
Fix potential stack buffer overread when
checking PSK binders.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-19 14:46:21 +01:00
Steven WdV
9f0858db30 Check C/C++ compilers separately for AppleClang ranlib 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-03-19 11:39:44 +01:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00
Paul Elliott
78064ac9e0
Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe 
Make PSA global_data thread safe
 2024-03-15 19:50:01 +00:00
Paul Elliott
b24e36d07b Add explanatory comment for init flags 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:25:48 +00:00
Paul Elliott
d35dce6e23 Add comments about RNG mutex requirements 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
0db6a9033a Start subsystem IDs at 1 instead of 0 
Catch potential invalid calls to init.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
78279962d6 Fix minor style issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 13:34:01 +00:00