mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-28 00:35:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,118 Commits 170 Branches 263 Tags
Commit Graph

13357 Commits

Author SHA1 Message Date
Elena Uziunaite
2fbe012f03 Replace MBEDTLS_MD_CAN_SHA3_256 with PSA_WANT_ALG_SHA3_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-04 19:41:02 +01:00
Gilles Peskine
4efd1645e8
Merge pull request #8983 from Troy-Butler/handle-null-args 
Fix NULL argument handling in mbedtls_xxx_free() functions
 2024-07-04 14:50:55 +00:00
Gilles Peskine
e2902346f5
Merge pull request #9139 from bluerise/silence 
Silence gcc 12.2.0 warning
 2024-07-04 14:49:47 +00:00
Gilles Peskine
c971d80faa
Merge pull request #9315 from gilles-peskine-arm/psa_cipher_decrypt-ccm_star-iv_length_enforcement 
psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
 2024-07-04 14:39:25 +00:00
Ronald Cron
cd906958df
Merge pull request #9214 from eleuzi01/replace-mbedtls-md-can-sha3-512 
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
 2024-07-04 13:31:47 +00:00
Elena Uziunaite
e8cd45ca65 Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-04 11:39:46 +01:00
Ronald Cron
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Ronald Cron
45aa4d50de
Merge pull request #9125 from eleuzi01/replace-mbedtls-md-can-ripemd160 
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
 2024-07-04 08:38:40 +00:00
Gilles Peskine
4a17523e48
Merge pull request #9170 from eleuzi01/replace-mbedtls-md-can-sha224 
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
 2024-07-03 14:42:08 +00:00
Gilles Peskine
94f07689d6
Merge pull request #9082 from andre-rosa/check-overflow-when-reading-padding-len-on-aes-128-cbc-decryption 
Add invalid `padding_len` check in `get_pkcs_padding`
 2024-07-03 14:41:06 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00
Ronald Cron
fa7e15d76b Fix typo 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-01 14:59:35 +02:00
Ronald Cron
3d817add46 Adjust build systems 
Adjust build systems such as we can built
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-01 14:59:35 +02:00
Gilles Peskine
7b6ddfcd25 psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes 
Credit to Cryptofuzz. Fixes #9314.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-26 13:16:33 +02:00
Ronald Cron
f0481f562a
Merge pull request #9258 from tom-daubney-arm/drop_padlock_support 
Drop support for VIA Padlock
 2024-06-26 07:36:04 +00:00
Thomas Daubney
f57a352a9d Remove superfluous brackets 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 15:23:57 +01:00
Thomas Daubney
4e5d183d78 Correct pluralisation errors in comments 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 15:21:48 +01:00
Thomas Daubney
1d08e2f2bc Change guard implementation 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 09:18:20 +01:00
Thomas Daubney
6a758fc7a1 Add guarding to aes_maybe_realign 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-20 16:43:20 +01:00
Elena Uziunaite
1b6fb219e9 Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-06-20 16:35:29 +01:00
Ronald Cron
de0d7e6cd0
Merge pull request #9247 from ronald-cron-arm/move-psa-headers 
Move PSA headers to a new tf-psa-crypto directory
 2024-06-18 18:48:24 +00:00
Thomas Daubney
62af02c063 Drop support for VIA Padlock 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-14 10:37:13 +01:00
Tom Cosgrove
f41272099b
Merge pull request #9242 from sezrab/fix-function-parameter 
Fix incorrect array length in function prototype
 2024-06-13 07:55:50 +00:00
Ronald Cron
c7e9e367bb Adjust build systems 
Adjust build systems such as we can build
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-06-13 09:02:24 +02:00
Tom Cosgrove
a0cfe01bb7
Merge pull request #9241 from lhuang04/official_development_psk_null2 
Set psk to NULL in ssl_psk_remove
 2024-06-12 12:00:34 +00:00
Sam Berry
3504c88916 Fix incorrect array length in function prototype 
Issue #9179 (MBEDTLS_SSL_CID_OUT_LEN_MAX changed to
MBEDTLS_SSL_CID_IN_LEN_MAX in library\ssl.h and library\ssl_tls.c)

Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-06-11 14:46:31 +01:00
lhuang04
54adeab866 set psk to null in ssl_psk_remove 
Summary:
set the psk to null after it is released.

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2024-06-10 12:17:11 -07:00
Gilles Peskine
69770aaa7b Use unsigned long rather than size_t for format string readability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-05 20:54:42 +02:00
Gilles Peskine
a9d4ef0998 Fix uint32_t printed as unsigned int 
This is ok in practice since we don't support 16-bit platforms, but it makes
`arm-none-eabi-gcc-10 -mthumb -Wformat` complain.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-03 22:16:23 +02:00
Gilles Peskine
8c60b16188
Merge pull request #8643 from gilles-peskine-arm/tls12_server-pk_opaque-dead_code 
Guard configuration-specific code in ssl_tls12_server.c
 2024-05-30 17:24:33 +00:00
Patrick Wildt
5da4b7d8da Silence gcc 12.2.0 warning 
Unfortunately this compiler complains about a variable potentially being
used un-initialized.  Silence the warning by initializing it to a sane
default.

Signed-off-by: Patrick Wildt <pwildt@google.com>
 2024-05-15 19:07:11 +00:00
Gilles Peskine
bdce65700e
Merge pull request #9067 from gilles-peskine-arm/ssl-opt-server2-detection 
Fix skipped tests in configurations without RSA
 2024-05-15 12:06:31 +00:00
Gilles Peskine
ca73fc6627
Merge pull request #9026 from nileshkale123/fix/redefination_warning_for_gnu_source 
Fixed redefination warning messages for _GNU_SOURCE
 2024-05-06 12:40:49 +00:00
Manuel Pégourié-Gonnard
61734ec61d
Merge pull request #9073 from valeriosetti/issue9068 
Undefined reference to mbedtls_md_error_from_psa() function
 2024-05-03 07:52:37 +00:00
Gilles Peskine
9791ee9296
Merge pull request #8538 from Ryan-Everett-arm/8537-fix-error-handling-for-secure-element-keys-in-psa_start_key_creation 
Fix error handling for secure element keys in `psa_start_key_creation`
 2024-05-02 16:06:07 +00:00
Gilles Peskine
fa8fc2705a
Merge pull request #9069 from Ryan-Everett-arm/fix-get-and-lock-key-slot-threading-bug 
Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`
 2024-05-02 15:48:21 +00:00
Andre Goddard Rosa
d0a1691b99 Remove unnecessary cast 
Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
 2024-05-01 12:44:02 -05:00
Andre Goddard Rosa
30666d478b Add invalid padding_len check in get_pkcs_padding 
When trying to decrypt data with an invalid key, we found that `mbedtls`
returned `0x6200` (`-25088`), which means "_CIPHER - Input data contains
invalid padding and is rejected_" from `mbedtls_cipher_finish`, but it also
set the output len as `18446744073709551516`.

In case we detect an error with padding, we leave the output len zero'ed
and return `MBEDTLS_ERR_CIPHER_INVALID_PADDING`. I believe that the current
test cases are sufficient, as they fail if I return the alternative code
`MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, so they do already expect a padding
failure, but now we don't change the output len in the error case.

Here's a reference for the way `openssl` checks the padding length:
  - 1848c561ec/crypto/evp/evp_enc.c (L1023)
  - b554eef43b

Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
 2024-05-01 12:02:14 -05:00
Gilles Peskine
489688c0f7
Merge pull request #9065 from paul-elliott-arm/fix_ubsan_mp_aead_gcm 
Add early exit if zero length AEAD additional data passed in.
 2024-04-30 09:48:20 +00:00
Valerio Setti
28cc31c9d5 md: fix guards for mbedtls_md_error_from_psa() 
This should be CRYPTO_CLIENT and not CRYPTO_C as this function
can be used even when CRYPTO_C is not defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-30 10:49:00 +02:00
nilesh.kale
d338d0156f Fixed issue of redefinition warning messages for _GNU_SOURCE 
Signed-off-by: nilesh.kale <nilesh.kale@espressif.com>
 2024-04-30 08:24:47 +05:30
Ryan Everett
925b2d76f4 Clarify psa_get_and_lock_key_slot return behaviour 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:29:48 +01:00
Ryan Everett
04e2b04f7f Explicitly document return behaviour 
A bug existed previously where this guarantee was not met,
causing some issues in multi-threaded code.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:26:19 +01:00
Ryan Everett
dd90507dc6 Fix potential non-NULL slot return on failure 
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-04-29 18:24:58 +01:00
Gilles Peskine
dde67bbb5a Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled 
It isn't detected on the CI because we only test this with an ancient Clang
that doesn't warn. Old GCC, modern GCC and modern Clang do
warn (-Wunused-but-set-variable).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-04-29 12:38:16 +02:00
Manuel Pégourié-Gonnard
024d3daa7d
Merge pull request #8986 from valeriosetti/issue8871 
Improve test key generation in test_suite_pk
 2024-04-29 09:25:37 +00:00
Paul Elliott
a3daff47d8 Add early exit if zero length AEAD AD passed in. 
With multipart AEAD, if we attempt to add zero length additional data,
then with the buffer sharing fixes this can now lead to undefined
behaviour when using gcm. Fix this by returning early, as there is
nothing to do if the input length is zero.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-04-26 18:47:40 +01:00
Gilles Peskine
bee96566da
Merge pull request #8999 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro 
Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:46 +00:00
Manuel Pégourié-Gonnard
a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00