mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 21:40:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
17,750 Commits 170 Branches 263 Tags
Commit Graph

611 Commits

Author SHA1 Message Date
Gilles Peskine
8f28c24b4a Explain the problem in more concrete terms 
Don't try to make the reader guess what a “negative zero” might mean.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-09 20:20:26 +02:00
Gilles Peskine
fd4fab0b24 mbedtls_mpi_read_string("-0") no longer produces a "negative zero" 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-09 17:13:15 +02:00
TRodziewicz
40de3c99c0 Fix Changelog, add separate test functions for hash of all-zero bits 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-07 19:16:18 +02:00
Dave Rodgman
bd069163be Fix line lengths in changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 16:38:31 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
 2021-04-07 16:31:09 +01:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development 
RSA PSS signature generation with the option to specify the salt length
 2021-04-06 21:36:06 +02:00
TRodziewicz
5feb6702dd Fix the Changelog and extend tests to cover the hash of all-bits zero 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-06 19:56:42 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code 
Fix error code when creating/registering a key with invalid id
 2021-04-06 18:46:30 +02:00
Ronald Cron
602f986511 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:55:04 +02:00
Gilles Peskine
e8a2fc8461 Enforce dhm_min_bitlen exactly, not just the byte size 
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-01 14:20:03 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162 
PSA Update return code for non-existing key in various key operations
 2021-04-01 13:27:31 +02:00
Maulik Patel
f41be14269 Add Change log entry for bug fix. 
Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
 2021-04-01 10:01:32 +01:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175 
Fix premature fopen() call in mbedtls_entropy_write_seed_file
 2021-03-30 17:33:08 +02:00
Steven Cooreman
a71e369f2d Add changelog entry for #4217 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-29 15:46:55 +02:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers 
Unify internal headers in library/
 2021-03-29 11:18:54 +02:00
Chris Jones
8d2bc90b4e Add changelog entry for alt implementors 
Files available for use by alt implementations have been moved and renamed
so alt implementators should be told about the changes specific to them.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-19 15:17:23 +00:00
Chris Jones
d02f4c2e44 Reword move_internal_headers changelog entry 
Reword the changelog entry to tailor it for users of the library as
opposed to developers of the library.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-19 15:15:18 +00:00
TRodziewicz
782a7eab14 ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-03-17 11:36:31 +01:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls. 
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272 Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
7e37338dda Drop single-DES ciphersuites. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e Drop support for RC4 TLS ciphersuites. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d Drop support for TLS record-level compression. 
Remove option MBEDTLS_ZLIB_SUPPORT.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560 Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT). 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3. 
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:19:05 +01:00
Ryan LaPointe
59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server 
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
 2021-03-15 16:43:08 -04:00
Mateusz Starzyk
9e9ca1a738 Drop support for parsing SSLv2 ClientHello. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-15 11:40:28 +01:00
Dave Rodgman
e483a77c85
Merge pull request #816 from ARMmbed/development 
Merge recent commits from development into 2.26.0-rc
 2021-03-12 16:55:26 +00:00
Chris Jones
ca38fabf0c Add move_internal_headers changelog 
Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-12 09:57:26 +00:00
Paul Elliott
9907e2c334 Improve wording of ChangeLog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:14:10 +00:00
Paul Elliott
3949065aef Fix incorrect case in changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:00:32 +00:00
Paul Elliott
6f21e11265 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:00:32 +00:00
paul-elliott-arm
0135516d55
Merge pull request #4203 from paul-elliott-arm/memsan_fix_build 
Fix memsan build with Clang 11
 2021-03-09 16:31:31 +00:00
Dave Rodgman
74755e484c Update Changelog for 2.26.0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-03-08 18:35:44 +00:00
Dave Rodgman
b4fe1053e4 Add missing changelog entry 
Add missing changelog entry for 3698: Mark basic constraints critical
as appropriate.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-03-08 18:34:24 +00:00
Dave Rodgman
2d83ac100d Add a missing changelog entry 
Add a missing changelog entry for #3996: Allow loading external wrapped
keys.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-03-08 18:34:16 +00:00
Dave Rodgman
5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead 
Add support for key policies (MAC & AEAD)
 2021-03-08 15:04:17 +01:00
Paul Elliott
fb91a48616 Fix memsan build with clang 11 
Memsan build was reporting a false positive use of uninitialised memory
in x509_crt.c on a struct filled by an _stat function call. According to
the man pages, the element reported has to be filled in by the call, so
to be safe, and keep memsan happy, zero the struct first.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-05 14:24:03 +00:00
TRodziewicz
9edff740e1 Fix EC J-PAKE failing when the payload is all-bits-zero 
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met.

Fix #1792

Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
 2021-03-04 18:19:48 +01:00
Paul Elliott
a5dce14291 Fixup changelog formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-04 14:24:57 +00:00
Mateusz Starzyk
7d48b28218 Remove 1.3 to 2.0 transition helpers files. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-03 11:00:34 +01:00
Steven Cooreman
7de9e2db1f Language / verbiage fixes 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
 2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4 Style and language updates after review 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies 
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
 2021-03-01 16:00:31 +01:00
Gilles Peskine
ddf4374879 Fix stack buffer overflow in net functions with large file descriptor 
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.

Fix #4169

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-25 15:56:48 +01:00
Paul Elliott
b4e4bfdd00 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-02-25 10:47:56 +00:00
Gilles Peskine
b15832160b Make entropy double-free work 
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-23 11:27:03 +01:00