mbedtls

Author	SHA1	Message	Date
Asfandyar Orakzai	65cd8a4a23	fixed formating issues in psa_crypto_code_gen_1_1.txt Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>	2022-11-03 11:16:40 +01:00
Asfandyar Orakzai	4f63ac4358	fixed changelog formating Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>	2022-11-03 10:18:05 +01:00
Asfandyar Orakzai	ee2b637d03	Fixed change log issue Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>	2022-11-02 21:50:27 +01:00
Dave Rodgman	5875f5f96b	Add Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-01 16:28:03 +00:00
Dave Rodgman	e8734d8a55	Apply suggestions from code review Two spelling fixes (changelog & a comment) Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-31 14:30:24 +00:00
Dave Rodgman	55fd0b9fc1	Merge pull request #6121 from daverodgman/pr277 cert_write - add a way to set extended key usages - rebase	2022-10-31 13:27:49 +00:00
Dave Rodgman	1a22bef116	Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey Improve ECDSA verify validation	2022-10-31 09:37:26 +00:00
Jerry Yu	12f5c6b2bc	Add changelog entry Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-30 17:57:06 +08:00
Glenn Strauss	a4b4041219	Shared code to free x509 structs Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00
Dave Rodgman	b3166f4b2f	Update Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-28 11:39:04 +01:00
Dave Rodgman	d7dfc0922e	Update Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-28 11:38:05 +01:00
Dave Rodgman	169ae4f528	Add Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-28 11:24:29 +01:00
Ronald Cron	04e2133f45	Merge pull request #6482 from ronald-cron-arm/tls13-misc TLS 1.3: Update documentation for the coming release and misc	2022-10-28 11:09:03 +02:00
Dave Rodgman	ce48c92c6c	Credit Cryptofuzz in the changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-27 20:37:23 +01:00
Dave Rodgman	5d13e5e568	Improve changelog for ECDSA verify fix Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-27 20:34:21 +01:00
Ronald Cron	85b9e09525	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-26 15:18:37 +02:00
Ronald Cron	c9176a03a7	Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2 PSA with RSA requires PK_WRITE and PK_PARSE	2022-10-26 14:57:36 +02:00
Ronald Cron	4f7feca0dc	Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup The Open CI ran successfully thus I think we can ignore the internal CI.	2022-10-26 14:27:54 +02:00
Gilles Peskine	8874cd570e	Merge pull request #4826 from RcColes/development Add LMS implementation	2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard	b3c30907d6	Merge pull request #6383 from mprse/aead_driver_test Enable testing of AEAD drivers with libtestdriver1	2022-10-14 11:11:01 +02:00
Raef Coles	2ad6e611f0	Update LMS/LMOTS documentation Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:20 +01:00
Raef Coles	8ff6df538c	Add LMS implementation Also an LM-OTS implementation as one is required for LMS. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:15 +01:00
Gilles Peskine	0fe6631486	Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 Include platform.h unconditionally	2022-10-13 10:19:22 +02:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Przemek Stekiel	ea37bb2403	Add changelog entry Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-12 11:17:41 +02:00
Gilles Peskine	fcee740b83	Automatically enable PK_PARSE for RSA in PSA PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost anything with them (import, get attributes, export public from private, any cryptographic operations). Force it on, for symmetry with what we're doing for MBEDTLS_PK_WRITE_C. Fixes #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 21:15:24 +02:00
Gilles Peskine	fd94304f9d	PSA RSA needs pk_write The PSA crypto code needs mbedtls_pk_write_key_der() and mbedtls_pk_write_pubkey() when using RSA without drivers. We were already forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 21:09:12 +02:00
Przemek Stekiel	1f02c6c25e	Reword change log entry Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 13:30:52 +02:00
David Horstmann	05bb2c5d0e	Add ChangeLog entry for memory leak fix Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-05 12:09:18 +01:00
Przemek Stekiel	e32cd44490	Add changelog entry: tls 1.2 builds with single encryption type Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-05 09:46:35 +02:00
Glenn Strauss	2ff77119df	mbedtls_ecp_point_read_binary from compressed fmt mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-03 05:43:27 -04:00
Tom Cosgrove	51a0163828	Add ChangeLog entry Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-30 18:10:58 +01:00
Victor Barpp Gomes	00a02b1468	Add Changelog entry Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-29 13:52:55 -03:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard	f3f9e450b6	Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 Ad-hoc KDF for EC J-PAKE in TLS 1.2	2022-09-28 09:47:32 +02:00
Ronald Cron	cba39a386f	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-27 19:10:39 +02:00
Andrzej Kurek	f13925c022	Add a changelog entry for ECJPAKE to PMS KDF Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-27 05:16:10 -04:00
Gilles Peskine	8c2d236117	Merge pull request #6188 from N3xed/fix/windows-different-drives-build-error Copy files instead of hard-linking on Windows	2022-09-23 17:03:50 +02:00
Manuel Pégourié-Gonnard	c998e43eb4	Add ChangeLog entry about driver-only hashes. (The first entry will need editing if support for ENTROPY_C is sorted out before the next release.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:03:52 +02:00
Gilles Peskine	d6355caa8f	Include platform.h unconditionally: fixes undefined mbedtls_setbuf Now that mbedtls/platform.h is included unconditionally, there are no more configurations where mbedtls_setbuf was accidentally left out of the manual definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:34:50 +02:00
Neil Armstrong	19bb9913c2	Update changelog entry for new PSA PAKE feature Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	bb28c56796	Add changelog entry for new PSA PAKE feature Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Dave Rodgman	5a28142410	Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit ctr_drbg: fix free uninitialized aes context	2022-08-24 14:58:44 +01:00
Dave Rodgman	d106308c83	Changelog for ECDSA verify fix Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-19 11:16:37 +01:00
Dave Rodgman	273efeb0eb	Add Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-12 11:02:03 +01:00
kXuan	9ac6b28e27	ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed Since `11e9310` add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it should not init aes_ctx again in mbedtls_ctr_drbg_seed. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-11 16:38:45 +08:00
Dominik Gschwind	c6d16362f3	Copy files instead of hard-linking on Windows Fixes an issue on Windows where when source and build directory are on different drives hard-linking to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also not possible because it requires administrator privileges on Windows. The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command. As this command only operates on files, if a directory is specified the files will be globbed recursively and through symlinks. Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>	2022-08-10 16:27:14 +02:00
Dave Rodgman	f421d45869	Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled	2022-08-09 11:27:42 +01:00
Dave Rodgman	384f1e61f7	Merge pull request #5950 from savent404/development cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)	2022-08-09 10:52:31 +01:00
Dave Rodgman	953ce3962f	Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 Add rsa pss rsae for tls12	2022-08-09 10:21:45 +01:00
Gilles Peskine	b3edc1576c	Merge pull request #2602 from edsiper/crt-symlink x509_crt: handle properly broken links when looking for certificates	2022-08-03 13:05:29 +02:00
Gilles Peskine	7e1ee0f04b	Merge pull request #6114 from mman/development Use double quotes to include private header file psa_crypto_cipher.h	2022-08-03 13:04:57 +02:00
Martin Man	4741e0b56c	Use double quotes to include private header file psa_crypto_cipher.h Signed-off-by: Martin Man <mman@martinman.net> Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>	2022-08-02 12:44:35 +02:00
Aditya Patwardhan	3096f331ee	Fix missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled Added the changelog.d entry Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>	2022-08-02 11:15:18 +05:30
savent	5d8adab983	cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) IAR toolchain makes some warning, forcing 'warning as error' is not for sure. Signed-off-by: savent <savent_gate@outlook.com>	2022-08-02 03:23:02 +00:00
Dave Rodgman	919ff15ecf	Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020 Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined	2022-07-29 17:08:11 +01:00
Jerry Yu	eec4f03c60	fix typo and changelog entry issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	72a858517b	add changelog entry Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Dave Rodgman	257319a33e	Merge pull request #6133 from tom-cosgrove-arm/extend-query_compile_time_config-to-psa_want Extend query_compile_time_config to PSA_WANT_xxx macros	2022-07-28 13:01:09 +01:00
Thomas Daubney	69576274cc	Add ChangeLog entry Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Tom Cosgrove	ff3c6c1a1a	Add parsing of psa/crypto_config.h for PSA_WANT_xxx to query_compile_time_config Fixes #6131 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-25 12:19:35 +01:00
Dave Rodgman	a948f0588c	Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4 bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5	2022-07-21 17:34:48 +01:00
Dave Rodgman	ecc1031dbf	Merge pull request #6086 from paul-elliott-arm/fix_cmake_no_gen_files Fix linking of generated files in cmake	2022-07-20 16:13:42 +01:00
Dave Rodgman	7085aa42ee	Merge pull request #5896 from wernerlewis/aes_shallow_copy Refactor AES context to be shallow-copyable	2022-07-20 15:16:37 +01:00
Dave Rodgman	c95cb6d6e5	Add Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:08 +01:00
Paul Elliott	582f72bf3b	Fix linking of generated files in cmake If generation of files is turned off, and a file is missing, when building in tree with cmake, you can end up with the generated file being turned into a symlink to itself. This will also break any future attempt at building with make. Fix this by testing if the file exists prior to attempting to link it. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-19 17:23:30 +01:00
Tom Cosgrove	d99f24c792	Add a ChangeLog entry Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-19 08:55:48 +01:00
Paul Elliott	2238eed2d9	Update Changelog for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:55:59 +01:00
Paul Elliott	2089fd0ea9	Rename Changelog entries that don't have .txt extension Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:52:54 +01:00
Paul Elliott	237c87ba0e	Add missing Changelog entries Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:52:28 +01:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Andrzej Kurek	1ce9ca0630	Changelog rewording Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 06:50:30 -04:00
Paul Elliott	826762e315	Merge pull request #5765 from leorosen/fix-some-resource-leaks Fix resource leaks	2022-07-05 23:12:02 +01:00
Andrzej Kurek	3a29e9cf57	Improve changelog wording Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-05 10:49:10 -04:00
Andrzej Kurek	2e1a232261	Fix changelog wording Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Andrzej Kurek	9abad0c5ef	Improve the changelog message to contain more details Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:18:29 -04:00
Paul Elliott	b7aba1a584	Improve Changelog Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-04 06:49:26 -04:00
Leonid Rozenboim	56e01f37a8	Created customary ChangeLog.d entry. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard	465341f438	Add ChangeLog entries for general Use PSA improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:37 +02:00
Paul Elliott	41aa808a56	Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf Turn off stdio buffering with setbuf()	2022-07-04 10:12:22 +01:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Paul Elliott	dfb5da2a99	Fix changelog requirements section. Setbuf() is currently not guarded by MBEDTLS_FS_IO, nor can it easily be so. Raised a seperate issue to cover this, and removed the mention of MBEDTLS_FS_IO from the Changelog. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-01 16:32:14 +01:00
Ronald Cron	7922bfbd47	Merge pull request #6005 from ronald-cron-arm/tls13-changelogs-doc-update TLS 1.3: Add missing change logs and update doc for 3.2 release Validated by the internal CI, ready to be merged.	2022-07-01 17:27:33 +02:00
Ronald Cron	3cb707dc6d	Fix and improve logs and documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-01 14:36:52 +02:00
Manuel Pégourié-Gonnard	8b8a1610f7	Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check Fix the wrong variable being used for TLS record size checks	2022-07-01 12:29:48 +02:00
Manuel Pégourié-Gonnard	790ab52ee0	Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 Documentation about storage format compatibility	2022-07-01 12:21:17 +02:00
Ronald Cron	08346434d2	Add TLS 1.3 change logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-01 11:37:07 +02:00
Gilles Peskine	cf4d9f98c7	Changelog entry for mbedtls_setbuf() * Security: we're improving a countermeasure. * Requirement change: the library will no longer compile on a platform without setbuf(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:11:30 +02:00
Ronald Cron	cb67e1a890	Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix Improve ASN.1 write tests	2022-06-30 15:42:16 +02:00
Tom Cosgrove	d7adb3c7d9	Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-06-30 09:48:40 +01:00
Paul Elliott	f6a56cf5ff	Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check TLS 1.3: Add missing overread check	2022-06-29 17:01:14 +01:00
Tom Cosgrove	afb2fe1acf	Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed, so no longer mention it. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-06-29 16:36:12 +01:00
Werner Lewis	dd76ef359d	Refactor AES context to be shallow-copyable Replace RK pointer in AES context with a buffer offset, to allow shallow copying. Fixes #2147. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Dave Rodgman	1dc6848679	Merge pull request #5976 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-development Remove largely useless bit of test log to silence GCC 12	2022-06-29 15:25:04 +01:00
Dave Rodgman	5b50f38f92	Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 Fix null pointer dereference in mpi_mod_int(0, 2)	2022-06-29 15:02:59 +01:00
Gilles Peskine	d86abf2392	Merge pull request #5861 from wernerlewis/csr_subject_comma Fix output of commas and other special characters in X509 DN values	2022-06-28 21:00:49 +02:00
Gilles Peskine	7d14c19730	Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development Changelog improvements before the 3.2 release	2022-06-28 21:00:10 +02:00
Glenn Strauss	999ef70b27	Add accessors to config DN hints for cert request mbedtls_ssl_conf_dn_hints() mbedtls_ssl_set_hs_dn_hints() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-28 12:43:59 -04:00
Gilles Peskine	bf918b9cfe	Use headlinese for added functions, per request Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-27 23:34:32 +02:00
Dave Rodgman	f5b7082f6e	Merge pull request #5811 from polhenarejos/bug_x448 Fix order value for curve x448	2022-06-27 13:47:24 +01:00
Gilles Peskine	251ca25d94	Clarify potential ambiguity in changelog entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-27 14:47:15 +02:00
Werner Lewis	fd8cfe4f8e	Replace parsing with outputting Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:23:43 +01:00
Werner Lewis	b33dacdb50	Fix parsing of special chars in X509 DN values Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:19:50 +01:00
Ronald Cron	e0d7367a9e	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	9738a8d0fd	Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks TLS 1.3: Fix certificate key usage checks	2022-06-27 08:32:17 +02:00
Gilles Peskine	0ff241a1ea	Remove largely useless bit of test log to silence GCC 12 GCC 12 emits a warning because it thinks `buffer1` is used after having been freed. The code is correct C because we're only using the value of `(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for anything useful: it doesn't really matter if an alloc-free-alloc sequence returns the same address twice. So don't print that bit of information, and this way we don't need to save the old address. Fixes #5974. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-25 14:29:23 +02:00
Paul Elliott	668b31f210	Fix the wrong variable being used for TLS record size checks Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-06-24 20:09:37 +01:00
Manuel Pégourié-Gonnard	93a7f7d7f8	Merge pull request #5954 from wernerlewis/x509_next_merged Add mbedtls_x509_dn_get_next function	2022-06-24 09:59:22 +02:00
Andrzej Kurek	5708b45154	Add a changelog entry for the session resumption + CID bug Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-23 08:00:14 -04:00
Manuel Pégourié-Gonnard	19a567ba43	Fix impact evaluation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	32a38dfec5	Add ChangeLog for potential overread with USE_PSA The issue was fixed while adding support for static ECDH with Opaque keys: https://github.com/Mbed-TLS/mbedtls/pull/5624 This is just adding the ChangeLog entry for that fix. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	e0469b5908	Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix Add a client hello cookie_len overflow test	2022-06-20 19:35:54 +02:00
Gilles Peskine	98473c4523	Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C This was intended as experimental, and we've been saying for a long time that it's superseded by the "unified driver interface", but we hadn't documented that inside the Mbed TLS source code. So announce it as deprecated. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:46:22 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Ronald Cron	c3e9abedff	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-20 13:53:50 +02:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Gilles Peskine	321a08944b	Fix bug whereby 0 was written as 0200 rather than 020100 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:33 +02:00
Andrzej Kurek	96d5439da5	Fix incorrect changelog entry Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-10 04:26:08 -04:00
Gilles Peskine	ae25bb043c	Fix null pointer dereference in mpi_mod_int(0, 2) Fix a null pointer dereference when performing some operations on zero represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or mbedtls_mpi_write_string() in base 2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 19:32:46 +02:00
Gilles Peskine	76c1c6b9c1	Changelog: minor copyediting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:51:18 +02:00
Gilles Peskine	e1efbf7f36	Changelog: when adding a new function, state its name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:50:50 +02:00
Gilles Peskine	c23a6d4feb	Changelog: make some long entries about TLS 1.3 more to the point Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:50:06 +02:00
Gilles Peskine	26a51cfe54	Changelog: list deprecations in the dedicated section Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:49:07 +02:00
Gilles Peskine	8df3623bee	Changelog: clarify some cmake-related entries as being about cmake Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:48:21 +02:00
Gilles Peskine	fed024dd52	Changelog: mention bug id in bugfix entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:44:51 +02:00
Gilles Peskine	d99083f7a4	Changelog: remove bugfix entry that's actually a robustness improvement If the key agreement or the public key export in ssl_write_client_key_exchange() fails, the handshake enters a failed state. The only valid thing you can do in a failed handshake is to abort it, which calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While it's good hygiene to destroy the key in the function that creates it, it would have been cleaned up a little later in the normal course of things anyway, so there wasn't an actual bug. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:38:35 +02:00
Gilles Peskine	3ea721e234	Changelog: Remove redundant entry about USE_PSA_CRYPTO in reduced configs The entry for “Fix several bugs…” already covers this. This is borderline an internal detail anyway. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:36:47 +02:00
Gilles Peskine	10301d4322	Changelog: Consolidate and clarify Armv8 SHA2 acceleration support Consolidate the entries for SHA512 and SHA256 since they are being released together. List the algorithms generically as SHA-2 since this also applies to SHA224 and SHA384. Clearly state that the instructions are only supported when building for Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 18:32:22 +02:00
Dave Rodgman	11930699f1	Merge pull request #5827 from wernerlewis/time_utc Use ASN1 UTC tags for dates before 2000	2022-06-08 13:54:19 +01:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Ronald Cron	5313f034b4	Add change log Add change log for the bug fixed in "fix move state to handshake over fail" commit Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-08 09:26:03 +02:00
Dave Rodgman	4b55a89327	Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor Add accessor for x509 certificate extension types	2022-06-06 21:51:38 +01:00
Andrzej Kurek	e6487ab490	Add a changelog entry for the cookie parsing bounds bug Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:31:08 -04:00
Dave Rodgman	5e03d9e601	Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support Allow building as a subdir	2022-06-06 14:11:06 +01:00
Przemek Stekiel	452a415476	Changelog: HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:15 +02:00
Werner Lewis	acd01e58a3	Use ASN1 UTC tags for dates before 2000 Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-01 16:24:28 +01:00
Thomas Daubney	3d3cfc5553	Add Changelog entry Add Changelog entry for changes made in this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-01 10:23:50 +01:00
Gilles Peskine	f940693960	Merge pull request #5725 from tom-daubney-arm/x25519_program Rewrite x25519 example program	2022-05-31 11:27:22 +02:00
Gilles Peskine	09858ae664	Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa Deprecate mbedtls_cipher_setup_psa()	2022-05-31 10:56:52 +02:00
Dave Rodgman	3527880849	Add Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-30 17:55:13 +01:00
Dave Rodgman	a636d1f192	Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc Enable static linking of the common runtime in MSVC	2022-05-25 14:47:58 +01:00
Dave Rodgman	32c995afa3	Merge pull request #5724 from Biswa96/cmake-mingw cmake: Fix runtime library install location in mingw	2022-05-25 13:34:43 +01:00
Robert Shade	591e729b54	Allow building as a subdir Fixes #5688 Signed-off-by: Robert Shade <robert.shade@gmail.com>	2022-05-21 12:55:12 -04:00
Thomas Daubney	eff0f3f5be	Add changelog entry Add changelog entry for bug fix in sample program. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-05-20 18:46:02 +01:00
Gilles Peskine	3e56130fb9	psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH, the only algorithm that is currently implemented. Make it return the correct error code. The reason for the wrong error code is that ecdh.c returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL, but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the impact of the fix, handle this in the PSA layer. Fixes #5735. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-05-16 19:37:54 +02:00
Dave Rodgman	3383e432bc	Add changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-10 13:46:09 +01:00
Przemek Stekiel	fd750d1d9a	Add change log entry: deprecate mbedtls_cipher_setup_psa Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 12:45:34 +02:00
Pol Henarejos	f72803d6f9	Removing tabs. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-05 20:12:13 +02:00
Pol Henarejos	030e802198	Added Changelog entry. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-05 19:28:15 +02:00

1 2 3 4 5 ...

1004 commits