mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-28 06:19:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
32,579 Commits 170 Branches 263 Tags 184 MiB
dfa0107a71
Commit Graph

1602 Commits

Author SHA1 Message Date
Gilles Peskine
98dd0c1f1c Changelog entry for the RSA memory leak 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-21 22:03:16 +02:00
Elena Uziunaite
f72a510590 Edit ChangeLog entry 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-21 11:12:34 +01:00
Elena Uziunaite
16f0e18e41 Update ChangeLog 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-19 12:12:34 +01:00
Waleed Elmelegy
cb0ed88df1 Add change log entry for adding psa_key_agreement() API 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-08-16 14:37:46 +01:00
Manuel Pégourié-Gonnard
8067879c1f
Merge pull request #9313 from sezrab/psa_util_in_builds_without_psa-development 
psa_util.c included in builds without PSA, which can break the build
 2024-08-14 07:16:21 +00:00
Sam Berry
26769f190b Changelog entry 
Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-08-13 14:40:22 +01:00
Gilles Peskine
0858fdca38
Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188 
Fix build of v3.6 (issues #9186 and #9188)
 2024-08-12 09:34:17 +00:00
Bence Szépkúti
88f3dd9f78
Merge pull request #9402 from tom-daubney-arm/remove_function_level_alt_interface 
Remove function level alt interface
 2024-08-09 17:59:51 +00:00
Gilles Peskine
75fd2401e5 Changelog entry for MBEDTLS_PSA_KEY_STORE_DYNAMIC 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-09 15:41:11 +02:00
Michael Schuster
7e39028628 Fix build of v3.6 with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set (fixes #9188) 
Avoid compiler warning about size comparison (like in commit 7910cdd):

Clang builds fail, warning about comparing uint8_t to a size that may be >255.

Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:27:44 +01:00
Michael Schuster
4394067071 Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset (fixes #9186) 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:27:44 +01:00
Minos Galanakis
123a625386 Resolved merge conflicts caused by file moved in #8226 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-08-08 14:11:53 +01:00
Gilles Peskine
1e65e64565 Fix overlap between volatile keys and built-in keys 
Fix interference between PSA volatile keys and built-in keys
when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. This overlap used to make it
possible that a volatile key would receive the identifier of a built-in key,
and is now caught by a static assertion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-07 12:39:05 +02:00
Gilles Peskine
b0b1b32914 Prevent mbedtls_psa_register_se_key with volatile keys 
mbedtls_psa_register_se_key() is not usable with volatile keys, since there
is no way to return the implementation-chosen key identifier which would be
needed to use the key. Document this limitation. Reject an attempt to create
such an unusable key. Fixes #9253.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-07 12:39:05 +02:00
Thomas Daubney
2f1bebd551 Add newline to ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-08-06 15:20:07 +01:00
Thomas Daubney
5db9027d3f Add ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-08-06 15:20:06 +01:00
Gilles Peskine
3077f2f9c6 Remove experimental, superseded function psa_generate_key_ext 
Remove the experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), which require a flexible array member
and therefore break C++ code that includes Mbed TLS headers. They have been
replaced by psa_generate_key_custom() and
psa_key_derivation_output_key_custom().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-05 15:52:37 +02:00
Gilles Peskine
b0cc2ad6bd Changelog entry for the move from key_ext to key_custom functions 
Document psa_generate_key_ext() and psa_key_derivation_output_key_ext() as
deprecated in favor of psa_generate_key_custom() and
psa_key_derivation_output_key_custom(), and no longer declared in C++ builds.

Resolves #9020.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-05 15:49:22 +02:00
Gilles Peskine
726e57f6f0
Merge pull request #1249 from gilles-peskine-arm/psa-drbg-no-hmac-document 
Document that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not force HMAC
 2024-07-31 16:47:27 +02:00
Manuel Pégourié-Gonnard
b59bf585ac
Merge pull request #1247 from gilles-peskine-arm/ecdsa-conversion-overflow 
Fix stack buffer overflow in ECDSA signature format conversions
 2024-07-31 12:39:32 +02:00
Gilles Peskine
c971d80faa
Merge pull request #9315 from gilles-peskine-arm/psa_cipher_decrypt-ccm_star-iv_length_enforcement 
psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
 2024-07-04 14:39:25 +00:00
Gilles Peskine
868d2524b8 Document that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not force HMAC 
MBEDTLS_PSA_HMAC_DRBG_MD_TYPE was documented and announced as causing the
PSA DRBG to be HMAC_DRBG. However, that was never actually implemented:
CTR_DRBG is prioritized if enabled.

Since there is a simple workaround of disabling MBEDTLS_CTR_DRBG_C if you
want to use HMAC_DRBG, we have decided to accept the actual behavior and fix
the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-02 16:31:28 +02:00
Gilles Peskine
a9e7ac9811 Improve description of who is affected 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-27 10:59:55 +02:00
Gilles Peskine
6bba0a8355 Fix stack buffer overflow in ECDSA signature format conversions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-27 08:55:56 +02:00
Gilles Peskine
7b6ddfcd25 psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes 
Credit to Cryptofuzz. Fixes #9314.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-26 13:16:33 +02:00
Ronald Cron
f0481f562a
Merge pull request #9258 from tom-daubney-arm/drop_padlock_support 
Drop support for VIA Padlock
 2024-06-26 07:36:04 +00:00
Thomas Daubney
e92adafd2d Remove mention of driver from ChangeLog 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 16:48:04 +01:00
Thomas Daubney
197536d13a Improve ChangeLog wording 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 15:19:40 +01:00
Paul Elliott
d9392f0fdd
Merge pull request #9250 from eleuzi01/bug-9029 
Fix compiler warnings in test_suite_pk.function
 2024-06-24 10:41:55 +00:00
Manuel Pégourié-Gonnard
82658eb90c
Merge pull request #9138 from valeriosetti/issue9126 
Do not perform adjustments on legacy crypto from PSA, when MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C
 2024-06-24 07:30:32 +00:00
Valerio Setti
19efa3d016 changelog: add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-06-20 11:06:25 +02:00
Elena Uziunaite
4cfee21779 Changelog Fix 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-06-18 10:25:11 +01:00
Elena Uziunaite
4d9fb8bbdf Add ChangeLog 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-06-17 17:13:51 +01:00
Thomas Daubney
24f81cba97 Improve ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-17 11:51:52 +01:00
Thomas Daubney
bc935157a7 Fix ChangeLog formatting 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-14 13:02:17 +01:00
Thomas Daubney
a8efd81294 Add ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-14 11:00:51 +01:00
Tom Cosgrove
98ffc8e7c3
Merge pull request #9178 from valeriosetti/fix-psa-cmac 
adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is builtin
 2024-06-03 15:35:32 +00:00
Valerio Setti
7e2ce99400 changelog: add changelog for PSA CMAC fix 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-05-31 14:52:54 +02:00
Gilles Peskine
d2f191adb0 Document that there is now an error for dangerous inclusions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-29 09:44:20 +02:00
Gilles Peskine
fef877f51f Belated changelog entry for not including check_config.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-05-29 09:44:20 +02:00
Gilles Peskine
bdce65700e
Merge pull request #9067 from gilles-peskine-arm/ssl-opt-server2-detection 
Fix skipped tests in configurations without RSA
 2024-05-15 12:06:31 +00:00
Gilles Peskine
ca73fc6627
Merge pull request #9026 from nileshkale123/fix/redefination_warning_for_gnu_source 
Fixed redefination warning messages for _GNU_SOURCE
 2024-05-06 12:40:49 +00:00
Gilles Peskine
9791ee9296
Merge pull request #8538 from Ryan-Everett-arm/8537-fix-error-handling-for-secure-element-keys-in-psa_start_key_creation 
Fix error handling for secure element keys in `psa_start_key_creation`
 2024-05-02 16:06:07 +00:00
Gilles Peskine
fa8fc2705a
Merge pull request #9069 from Ryan-Everett-arm/fix-get-and-lock-key-slot-threading-bug 
Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`
 2024-05-02 15:48:21 +00:00
Ryan Everett
c51e948370 Add changelog 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-30 14:04:17 +01:00
Janos Follath
93f20f45d1 Fix Changelog formatting 
Add EOL and remove trailing whitespaces.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-04-30 10:32:17 +01:00
nilesh.kale
d338d0156f Fixed issue of redefinition warning messages for _GNU_SOURCE 
Signed-off-by: nilesh.kale <nilesh.kale@espressif.com>
 2024-04-30 08:24:47 +05:30
Gilles Peskine
dde67bbb5a Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled 
It isn't detected on the CI because we only test this with an ancient Clang
that doesn't warn. Old GCC, modern GCC and modern Clang do
warn (-Wunused-but-set-variable).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 12:38:16 +02:00
Paul Elliott
0f37a157a2 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-04-26 18:56:00 +01:00
Valerio Setti
ec3b90f348 changelog: fix text 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-19 11:09:56 +02:00
Valerio Setti
ce86865258 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-19 09:38:23 +02:00
Gilles Peskine
bee96566da
Merge pull request #8999 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro 
Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:46 +00:00
Manuel Pégourié-Gonnard
a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00
Ronald Cron
527a2eb8c4 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 08:45:09 +02:00
Tom Cosgrove
a2c45dc713 Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:51:47 +01:00
Minos Galanakis
2c1daef183 Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Minos Galanakis
d9d6435bc5 Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-21 15:44:11 +00:00
Valerio Setti
ea01efa589 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:19:08 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Ronald Cron
a5c5c58107 tls13: srv: Fix potential stack buffer overread 
Fix potential stack buffer overread when
checking PSK binders.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-19 14:46:21 +01:00
Gilles Peskine
b2b9068264
Merge pull request #8942 from valeriosetti/fix-null-dereference 
[Bugfix] Fix null dereference in `mbedtls_pk_verify_ext()`
 2024-03-19 10:47:29 +00:00
Manuel Pégourié-Gonnard
af14b89824
Merge pull request #8932 from ronald-cron-arm/enable-tls13-by-default 
Enable TLS 1.3 by default
 2024-03-19 09:51:49 +00:00
Valerio Setti
8ad5be0e5d add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 17:22:52 +01:00
Paul Elliott
f5f48549e2 Add issues fixed to changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-18 13:52:25 +00:00
Ronald Cron
27eb68d295 Enable TLS 1.3 by default 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Manuel Pégourié-Gonnard
47f8d0e840
Merge pull request #8934 from paul-elliott-arm/add_threading_changelog 
Add changelog entry for threading MVP
 2024-03-18 10:25:14 +00:00
Paul Elliott
7d8fd3fafe Add changelog entry for threading MVP 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-17 16:18:23 +00:00
Manuel Pégourié-Gonnard
c9db499299
Merge pull request #8930 from ronald-cron-arm/tls13-doc-update 
TLS 1.3: Documentation update for 3.6 release
 2024-03-15 16:41:52 +00:00
Ronald Cron
a457633034
Merge pull request #8911 from waleed-elmelegy-arm/check-alpn-when-receiving-early-data 
Check ALPN when receiving early data
 2024-03-15 15:29:28 +00:00
Ronald Cron
582865fbfb Improve the change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:49:05 +01:00
Bence Szépkúti
567591eec7
Merge pull request #8923 from bensze01/drop-old-compilers 
Drop Support for MSVC 2013, 2015 and Arm Compiler 5
 2024-03-15 12:56:21 +00:00
Waleed Elmelegy
131b2ffd89 Fix bug in ALPN negotiating 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Bence Szépkúti
a32546c96e Update changelog 
Expand MSVC to Visual Studio and announce the moving of the solution
files.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-03-15 12:14:39 +01:00
Ronald Cron
e40e42cf21 Add change log for early data feature 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
David Horstmann
abbf2c4835
Merge pull request #1191 from davidhorstmann-arm/psa-shared-memory-changelog 
Add ChangeLog for PSA buffer sharing fix
 2024-03-14 16:18:23 +00:00
Gilles Peskine
91f7e07c63
Merge pull request #1196 from davidhorstmann-arm/buffer-sharing-merge 
Update development-restricted after buffer-sharing work
 2024-03-14 13:28:35 +01:00
BensonLiou
7b8b696790 Add change log 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 18:11:09 +08:00
Janos Follath
9edd7fd002 Add CVE IDs to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-03-14 09:38:03 +00:00
David Horstmann
0634168296 Reference issue #3266 
This is the issue that tracks incomplete support for buffer overlap, so
we should refer to it when we discuss partial support whenever
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-13 14:12:10 +00:00
David Horstmann
eff3d1ebb5 Use the exact phrase 'shared memory' 
This allows people searching for this phrase to find this ChangeLog
entry.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-13 14:12:10 +00:00
David Horstmann
4407aba552 Mention the CVE number that is fixed 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-13 13:34:31 +00:00
David Horstmann
7fc35a5ea1 Reword ChangeLog entry. Specifically: 
* Fix a grammatical typo
* Mention shared memory
* Mention overlap support in the security section
* Improve wording

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-13 13:30:55 +00:00
Bence Szépkúti
ae0d97ab8b Update compilers list in docs and changelog 
Drop support for MSVC 2013, 2015 and Arm Compiler 5

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-03-13 11:23:16 +01:00
Dave Rodgman
60c2f47f98
Merge pull request #8888 from minosgalanakis/features/add_ssl_session_accessor_8529 
[MBEDTLS_PRIVATE] Add accessor for session and ciphersuite_id
 2024-03-13 10:02:15 +00:00
David Horstmann
7102d0f747 Add bugfix section about buffer sharing 
Mention that arbitrary overlap is now supported, except whenever
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-12 16:56:49 +00:00
David Horstmann
1d3276da65 Reword ChangeLog entry for shared memory work 
Specifically:
* Clarify that passing shared buffers is now secure by default (not
  newly supported)
* Remove spurious hyphen
* Clarify that we do not guarantee copying, but rather guarantee
  protection, allowing us to implement this differently in future if
  required.
* Mention both protection of inputs from modification and outputs from
  exposure of intermediate results.
* Invert the config option, from an enable-option to a disable-option.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-12 16:47:46 +00:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Valerio Setti
d286491ed7 changelog: fix text 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 05:11:09 +01:00
Gilles Peskine
88c2755a30 mbedtls_pk_decrypt/encrypt actually check the padding mode 
The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-11 18:49:54 +01:00
David Horstmann
5fb5cce066 Add ChangeLog for PSA buffer sharing fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-11 17:28:09 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Ronald Cron
44193fa573 Fix and improve the change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-11 13:40:24 +01:00
Valerio Setti
64d5fc0070 changelog: fix text and typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
4f1650d4af changelog: enhance description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
2f08f4cdb8 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Minos Galanakis
f9a6893b55 Changelog: Added entry for ssl_session accessors. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-11 10:09:44 +00:00
Manuel Pégourié-Gonnard
af3e574f5f
Merge pull request #8862 from valeriosetti/issue8825 
Improve support of mbedtls_psa_get_random in client-only builds
 2024-03-10 20:06:27 +00:00
Ronald Cron
53dff7b0af Do not forget about TLS 1.2 disabled at runtime aspect 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-07 16:01:51 +01:00