mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-10 13:14:30 +00:00

Author	SHA1	Message	Date
Gilles Peskine	b69757ab61	Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled It isn't detected on the CI because we only test this with an ancient Clang that doesn't warn. Old GCC, modern GCC and modern Clang do warn (-Wunused-but-set-variable). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-05-14 12:06:20 +02:00
Gilles Peskine	c4f4ff9210	Merge pull request #9085 from nileshkale123/fix/redefinition_warning_for_gnu_source_backport_3.6 Backport 3.6: Fixed issue of redefinition warning messages for _GNU_SOURCE	2024-05-06 12:40:45 +00:00
Manuel Pégourié-Gonnard	67a92b7442	Merge pull request #9090 from valeriosetti/issue9068-backport [Backport 3.6] Undefined reference to mbedtls_md_error_from_psa() function	2024-05-03 07:52:41 +00:00
Valerio Setti	b82fbf5634	md: fix guards for mbedtls_md_error_from_psa() This should be CRYPTO_CLIENT and not CRYPTO_C as this function can be used even when CRYPTO_C is not defined. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-05-02 18:18:45 +02:00
Gilles Peskine	51e96ad34c	Merge pull request #9074 from Ryan-Everett-arm/8357-fix-3.6 Backport 3.6: Fix error handling for secure element keys in `psa_start_key_creation`	2024-05-02 16:06:09 +00:00
nilesh.kale	2a0a62859c	Fixed issue of redefinition warning messages for _GNU_SOURCE Signed-off-by: nilesh.kale <nilesh.kale@espressif.com>	2024-05-02 14:27:44 +05:30
Ryan Everett	1a3573e226	Clarify psa_get_and_lock_key_slot return behaviour Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-04-30 14:09:43 +01:00
Ryan Everett	231f15ba11	Explicitly document return behaviour A bug existed previously where this guarantee was not met, causing some issues in multi-threaded code. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-04-30 14:09:43 +01:00
Ryan Everett	d4ea40de44	Fix potential non-NULL slot return on failure If psa_get_and_lock_key_slot fails, the slot must be wiped. This fixes a bug where a pointer to some valid key slot can be incorrectly returned Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-04-30 14:09:43 +01:00
Ryan Everett	b5a20d3bc5	Fix error handling for secure element keys in `psa_start_key_creation` Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-04-30 11:17:04 +01:00
Gilles Peskine	3dbb502098	Merge pull request #9066 from paul-elliott-arm/fix_ubsan_mp_aead_gcm_3.6 [Backport 3.6] Add early exit if zero length AEAD additional data passed in.	2024-04-30 09:48:24 +00:00
Paul Elliott	304766ffa8	Add early exit if zero length AEAD AD passed in. With multipart AEAD, if we attempt to add zero length additional data, then with the buffer sharing fixes this can now lead to undefined behaviour when using gcm. Fix this by returning early, as there is nothing to do if the input length is zero. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-04-26 19:20:45 +01:00
Valerio Setti	4a350cac4f	pk: fix unused variable in copy_from_psa() key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS are defined. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-04-17 05:28:36 +02:00
Gilles Peskine	974006b00d	Merge pull request #9000 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro-3.6 Backport 3.6: Fix compilation when memcpy() is a function-like macro	2024-04-09 11:34:51 +00:00
Ronald Cron	8d63084bd1	tls13: Do not initiate at all resumption if tickets not supported Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-05 14:16:32 +02:00
Ronald Cron	698c8e902e	ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-05 14:16:32 +02:00
Ronald Cron	6071f611f6	tls13: cli: Ignore tickets if not supported If a TLS 1.3 client receives a ticket and the feature is not enabled, ignore it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-05 14:16:32 +02:00
Norbert Fabritius	93b2c32ece	Constify parameter of ssl_tls13_session_load Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-04-05 14:16:31 +02:00
Norbert Fabritius	ba1de9fa4e	Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-04-05 14:16:31 +02:00
Norbert Fabritius	b6ff6101d9	Unconditionally define session variable Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-04-05 14:16:31 +02:00
Ronald Cron	5e297b984d	tls13: srv: Fix guards of _is_psk_(ephemeral_)available Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-05 14:16:31 +02:00
Norbert Fabritius	da0d169fae	Guard ticket specific TLS 1.3 function with macro Guard ssl_tls13_write_new_session_ticket_coordinate with MBEDTLS_SSL_SESSION_TICKETS macro. Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-04-05 14:16:31 +02:00
Bence Szépkúti	ec17c1c1ab	Merge pull request #9005 from valeriosetti/issue8712-backport [Backport 3.6] Clarify the documentation of mbedtls_pk_setup_opaque	2024-04-04 13:41:15 +00:00
Valerio Setti	a53f54350e	pk: simplify mbedtls_pk_sign_ext() In case of opaque keys skip the check of the supported primary/enrollment algorithms. Just try to perfom the signature and if the wrapped key does not support RSA PSS the operation will fail automatically. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-04-04 09:42:01 +02:00
Tom Cosgrove	b32d7ae0fe	Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro Fixes #8994 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2024-04-02 14:52:29 +01:00
Paul Elliott	30978ec650	Merge pull request #8874 from stevenwdv/development Fix compilation on macOS without apple-clang	2024-03-29 13:59:36 +00:00
Minos Galanakis	9860056006	Revert "Autogenerated files for 3.6.0" This reverts commit e8a6833b2878f1c08b8f96fe35e2812367e32ef3. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-27 17:36:15 +00:00
Minos Galanakis	e8a6833b28	Autogenerated files for 3.6.0 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-22 16:00:55 +00:00
Minos Galanakis	4492dbd286	Version Bump for 3.6.0 ./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7 --so-tls 21 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-22 11:46:25 +00:00
Minos Galanakis	d9d6435bc5	Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-21 15:44:11 +00:00
Valerio Setti	144c27b0f3	pkwrite: add new internal symbol for the max supported public key DER length This is also used in pk_psa_sign() to properly size buffers holding the public key. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-20 17:10:35 +01:00
Valerio Setti	d45836a1c3	pk_wrap: fix algorithm selection in rsa_opaque_decrypt() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-20 15:42:55 +01:00
Minos Galanakis	b70f0fd9a9	Merge branch 'development' into 'development-restricted' Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-19 22:24:40 +00:00
Valerio Setti	4f3262de2d	pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-19 15:55:32 +01:00
Ronald Cron	a5c5c58107	tls13: srv: Fix potential stack buffer overread Fix potential stack buffer overread when checking PSK binders. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-19 14:46:21 +01:00
Steven WdV	9f0858db30	Check C/C++ compilers separately for AppleClang ranlib Signed-off-by: Steven WdV <swdv@cs.ru.nl>	2024-03-19 11:39:44 +01:00
Valerio Setti	07500fd874	pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-18 16:22:33 +01:00
Paul Elliott	78064ac9e0	Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe Make PSA global_data thread safe	2024-03-15 19:50:01 +00:00
Paul Elliott	b24e36d07b	Add explanatory comment for init flags Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-15 16:25:48 +00:00
Paul Elliott	d35dce6e23	Add comments about RNG mutex requirements Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-15 16:06:20 +00:00
Paul Elliott	0db6a9033a	Start subsystem IDs at 1 instead of 0 Catch potential invalid calls to init. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-15 16:06:20 +00:00
Paul Elliott	78279962d6	Fix minor style issues Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-15 13:34:01 +00:00
Waleed Elmelegy	4dfb0e7c90	Add ALPN checking when accepting early data Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-15 12:12:15 +00:00
Waleed Elmelegy	131b2ffd89	Fix bug in ALPN negotiating Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-15 12:12:15 +00:00
Ronald Cron	6bee910dbd	Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session Add ALPN information in session tickets	2024-03-15 09:50:24 +00:00
Gilles Peskine	7b333f1e88	Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime	2024-03-14 15:59:25 +00:00
Gilles Peskine	1c5ebf4352	Merge pull request #8697 from BensonLiou/random_bye_on_hrr Do not generate new random number while receiving HRR	2024-03-14 15:59:21 +00:00
David Horstmann	4a48becdba	Invert and rename config option Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse: !MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer protection is enabled by default without any change to the Mbed TLS config file. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-14 14:47:48 +00:00
Gilles Peskine	93b305dc8e	tls13: Use a flag not a counter for CCS and HRR handling Reconcile with 5fbd27055d15c8ac234a229389ff4e31977487a0 on another branch Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>	2024-03-14 15:05:09 +01:00
Gilles Peskine	91f7e07c63	Merge pull request #1196 from davidhorstmann-arm/buffer-sharing-merge Update development-restricted after buffer-sharing work	2024-03-14 13:28:35 +01:00

1 2 3 4 5 ...

13316 Commits