yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29194 commits 1 branch 0 tags 94 MiB
Commit graph

1380 commits

Author SHA1 Message Date
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform 
Use platform-provided secure zeroization
 2023-03-06 09:16:12 +00:00
Pol Henarejos
f61d6c0a2b
Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Jerry Yu
8049346989 Add change log entry for mbedtls_ms_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-03 11:19:07 +08:00
Gilles Peskine
cc29bfd92a Bug fixes from the split of ssl_handle_hs_message_post_handshake 
The split of ssl_handle_hs_message_post_handshake() into
ssl_tls12_handle_hs_message_post_handshake() and
ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs.
Add a changelog entry for those bugs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 19:49:58 +01:00
Dave Rodgman
dd4427cc5b
Merge pull request #7169 from AndrzejKurek/mpi-window-size 
Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2
 2023-02-27 17:12:38 +00:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name 
Add parsing of x509 RFC822 name + test
 2023-02-27 14:16:13 +00:00
Dave Rodgman
bf0597f804 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 17:45:41 +00:00
Dave Rodgman
fd8929cfd1 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 15:57:30 +00:00
Ashley Duncan
88240e769f Added changelog entry. 
Signed-off-by: Ashley Duncan <ashley.duncan@evnex.com>
 2023-02-24 15:57:30 +00:00
Andrzej Kurek
86f30ff626 Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-24 07:51:21 -05:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty 
Pacify Clang 15 about empty \retval
 2023-02-24 09:10:53 +00:00
Gilles Peskine
b1176f2583 Allow alternative names for overridden PSA headers 
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-22 22:07:28 +01:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug 
Fix bugs in OID to string conversion
 2023-02-21 23:16:44 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle 
Implement PSA interruptible sign/verify hash
 2023-02-21 15:13:34 +01:00
Ronald Cron
d89360b87b Fix and improve documentation, comments and logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-21 14:57:25 +01:00
Przemek Stekiel
d7820b7026 Add change log entry: SAN rfc822Name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Ronald Cron
675d97d42e Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san 
Add the uniformResourceIdentifier subtype for the subjectAltName
 2023-02-20 11:29:59 +01:00
Paul Elliott
e04e15b766 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
David Horstmann
21b8387929 Add ChangeLog for OID-to-string fixes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 13:07:49 +00:00
Gilles Peskine
4386cf188d Changelog entry for pacifying clang -Wdocumentation about \retval 
Fixes #6960

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-14 19:26:56 +01:00
Paul Elliott
1748de160a Fix IAR Warnings 
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-13 15:35:35 +00:00
Andrzej Kurek
3e8f65a7e2 Add a changelog entry for URI SAN parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:21:20 -05:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public 
Make the fields of mbedtls_pk_rsassa_pss_options public
 2023-02-10 15:08:06 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev 
X.509: Fix bug in SAN parsing and enhance negative testing
 2023-02-10 15:05:32 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc 
Switch to the new coding style: documentation
 2023-02-10 10:05:27 +01:00
Pol Henarejos
4e747337ee
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-07 19:55:31 +01:00
Hanno Becker
dc0e8b92f8 Add a ChangeLog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements 
Minor improvements to `c_build_helper.py`
 2023-02-07 10:25:59 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Gilles Peskine
34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public 
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-02 23:06:37 +01:00
Aditya Deshpande
3b18a29c13 Amend changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-02 09:06:00 +00:00
David Horstmann
a43e332fe4 Fix near-tautological repetition in ChangeLog 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-01 13:39:57 +00:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum 
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
 2023-02-01 11:36:25 +01:00
Aaron M. Ucko
a2b674f9a7 Simplify ChangeLog entry for mbedtls_mpi_sub_abs fix. 
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
 2023-01-31 15:31:18 -05:00
Aditya Deshpande
d05aa0fc60 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 17:22:07 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
David Horstmann
6fcc77cf5e Add ChangeLog for c_build_helper improvements 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-27 19:53:49 +00:00
Przemek Stekiel
3022370896 Add changelog entry for V3 extensions in CSR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-27 16:06:08 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
 2023-01-27 10:05:00 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Dave Rodgman
fd09b31011 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-20 11:41:43 +00:00
Gilles Peskine
bb3814c7a8 Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS 
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.

This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:23 +01:00
Gilles Peskine
ecaa7ca507 Add missing supported algorithm to psa/crypto_config.h 
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:18 +01:00
Aaron M. Ucko
af67d2c1cf mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701). 
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).

Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
 2023-01-17 11:52:22 -05:00
Gilles Peskine
12f4122068 Announce coding style change in the changelog 
It doesn't affect users, but it affects some other external consumers of the
library.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-13 12:04:14 +01:00
Valerio Setti
791bbe629d programs: improved cert_write serial management 
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00
Valerio Setti
ea19d2db73 changelog: fixed typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
903b6aa87d Changelog: list changes in x509write_crt module 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Dave Rodgman
05bdb13be3 Update README and add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-11 18:56:11 +00:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail 
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
 2023-01-11 09:05:36 +01:00
Gilles Peskine
f9c8d76db6
Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script 
Make generate_errors.pl handle directory names containing spaces when opening files
 2023-01-10 22:09:58 +01:00
Dave Rodgman
bbbd803c2e Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-10 10:08:12 +00:00
Thomas Daubney
1efe4a874d Add ChangeLog entry 
Add ChangeLog entry documenting bugfix.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-01-10 09:35:39 +00:00
Jerry Yu
3e60cada5d Improve comment and changlog 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-10 14:58:08 +08:00
Jerry Yu
99e902f479 Add changlog entry. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-07 20:20:35 +08:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702 
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
 2023-01-03 09:36:58 +01:00
Valerio Setti
62e1ebbbc7 changelog: fix text error 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-28 13:28:42 +01:00
Valerio Setti
fe6c19b69c added changelog file for PR #6784 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 15:05:27 +01:00
Manuel Pégourié-Gonnard
2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y 
mbedtls_ecp_point_read_binary from compressed fmt
 2022-12-22 10:20:31 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday 
Fix gettimeofday overflow
 2022-12-20 16:01:53 +00:00
Dave Rodgman
327b69c8a2 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-20 13:16:34 +00:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa 
Document ECP_RESTARTABLE and make it compatible with USE_PSA
 2022-12-15 19:47:44 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 
Merge back 3.3.0 3
 2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir 
Install CMake files in MbedTLS dir
 2022-12-14 10:30:52 +01:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned 
Fast unaligned memory access macros
 2022-12-12 12:18:17 +01:00
Dave Rodgman
852191e0b5 Improve Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-09 14:24:33 +00:00
Manuel Pégourié-Gonnard
67bad73e87 Add a ChangeLog entry for the ECDSA deterministic change 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:34 +01:00
Dave Rodgman
69591e9207 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 14:59:54 +00:00
Dave Rodgman
a5b2c52885 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr 2022-12-08 14:10:59 +00:00
Dave Rodgman
b74aa5a224 Add Changelog for Arm compile fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 13:43:08 +00:00
Dave Rodgman
98be95563d
Merge pull request #6689 from gilles-peskine-arm/changelog-20221129-pre-3.3 
Changelog improvements for 3.3
 2022-12-06 13:37:24 +00:00
Gilles Peskine
77d3057c6d More grammar fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-06 11:25:09 +01:00
Dave Rodgman
acbb6dc364 Merge remote-tracking branch 'origin/development' into merge-dev 2022-12-05 10:59:23 +00:00
Issam E. Maghni
760f3a0a48 Install CMake files in MbedTLS dir 
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.

I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.

Here are some examples of projects using directories:
 - https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
 - https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
 - https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
 - https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
 2022-12-04 03:00:38 +00:00
Gilles Peskine
cf0074b2c8 More wording improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
afb15206b5 Wording clarification 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
f3cc9d925f Improve "codegen 1.1" entry 
"version 1.1 of #5137" is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.

Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
723bee67b2 Wrap lines to 79 columns max 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
5ba1697e8a Put behavior change in the correct category 
"Changes" is for miscellaneous stuff that doesn't affect backward
compatibility.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
6593c7e1cb Clarify PSS sigalg entry 
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
29a56a1251 Clarify ASN.1 entry named data free functions 
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
6d069afe6b Clarify that these two entries are about CMake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
20c1f03dd5 Improve wording, punctuation, etc. 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:47 +01:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:32:23 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement 
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
 2022-12-01 11:40:52 +00:00
Dave Rodgman
7f62f36f82 Add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 09:44:31 +00:00
Aditya Deshpande
5484e96117 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-30 15:56:42 +00:00
Gilles Peskine
787c79dc1a Remove changelog entry for an internal change 
We removed internal code left over after removing a feature in Mbed TLS 3.0.
The removal of the internal code is not user-visible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 22:27:03 +01:00
Gilles Peskine
d622c7de56 Changelog entry files must have a .txt extension 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 22:18:05 +01:00
Manuel Pégourié-Gonnard
37d41c79b8 Add ChangeLog entry for DTLS Connection ID 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-29 10:20:15 +01:00
Andrzej Kurek
a6ab9d8b12 Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-11-28 03:55:27 -05:00
Gilles Peskine
898db6b8e5 Move ssl_debug_helpers_generated to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:15:32 +01:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164 
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
 2022-11-25 10:55:10 +00:00
Bence Szépkúti
12269e27b1 Add changelog for PKCS7 parser 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-11-25 05:51:40 +01:00
Manuel Pégourié-Gonnard
fecc6b2fe4 Minor tune-up to ChangeLog & documentation 
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-24 09:40:12 +01:00
Gilles Peskine
42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
3518fb11d0 Improve ChangeLog entry for driver-only hashes 
- avoid long unstructured paragraph with long messy sentences
- de-emphasize "no longer depends on MD" and emphasize "can work in
some driver-only builds" instead - that's what users are interested in
(building without MD is just the current way to accomplish that, but
that will change in the future)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-23 13:23:28 +01:00
Manuel Pégourié-Gonnard
660b396e41
Merge pull request #975 from yanesca/issue-946 
Fix RSA side channel
 2022-11-23 10:30:35 +01:00
Janos Follath
33480a372b Changelog: expand conference acronym for clarity 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath
74369b2497 Add paper title to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
b3608afe29 Add ChangeLog entry 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-22 11:59:55 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs 
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
 2022-11-21 10:09:57 +00:00
Paul Elliott
96a0fd951f Fix signature algorithms list entry getting overwritten by length. 
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-11-17 14:58:14 +00:00
Ronald Cron
5dc7999946 Simplify the change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-17 14:51:52 +01:00
Tom Cosgrove
0f0b548519 Limit ChangeLog entry to 80 characters 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-16 14:23:51 +00:00
Ronald Cron
9a1396bfcc Add ChangeLog 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-16 11:04:48 +01:00
Gilles Peskine
af601f9751 Fix undefined behavior with the most negative mbedtls_mpi_sint 
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:02:14 +01:00
Gilles Peskine
db14a9d180 Fix NULL+0 in addition 0 + 0 
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:00:21 +01:00
Gilles Peskine
806c9588ef Changelog entry for the negative zero from add/sub 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 20:36:18 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1 
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
 2022-11-15 12:38:41 +01:00
Aditya Deshpande
bd2bfa92bd Add Changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-10 15:30:12 +00:00
Gilles Peskine
4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex 
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
 2022-11-08 17:11:07 +01:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free 
Shared code to free x509 structs like mbedtls_x509_named_data
 2022-11-08 12:20:20 +01:00
Glenn Strauss
82ba274c01 Deprecate mbedtls_asn1_free_named_data() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-11-07 15:42:44 -05:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost 
BUG: Fix session resumption fail when hostname is not localhost
 2022-11-07 17:33:38 +01:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1 
Driver dispatch Codegen 1.1
 2022-11-07 15:27:41 +01:00
Asfandyar Orakzai
9b656d3c80 removed stray whitespaces from change logs 
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
 2022-11-03 11:39:36 +01:00
Asfandyar Orakzai
65cd8a4a23 fixed formating issues in psa_crypto_code_gen_1_1.txt 
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
 2022-11-03 11:16:40 +01:00
Asfandyar Orakzai
4f63ac4358 fixed changelog formating 
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
 2022-11-03 10:18:05 +01:00
Asfandyar Orakzai
ee2b637d03 Fixed change log issue 
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
 2022-11-02 21:50:27 +01:00
Dave Rodgman
5875f5f96b Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:28:03 +00:00
Dave Rodgman
e8734d8a55
Apply suggestions from code review 
Two spelling fixes (changelog & a comment)

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-31 14:30:24 +00:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277 
cert_write - add a way to set extended key usages - rebase
 2022-10-31 13:27:49 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey 
Improve ECDSA verify validation
 2022-10-31 09:37:26 +00:00
Jerry Yu
12f5c6b2bc Add changelog entry 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-30 17:57:06 +08:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Dave Rodgman
b3166f4b2f Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 11:39:04 +01:00
Dave Rodgman
d7dfc0922e Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 11:38:05 +01:00
Dave Rodgman
169ae4f528 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 11:24:29 +01:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc 
TLS 1.3: Update documentation for the coming release and misc
 2022-10-28 11:09:03 +02:00
Dave Rodgman
ce48c92c6c Credit Cryptofuzz in the changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:37:23 +01:00
Dave Rodgman
5d13e5e568 Improve changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:21 +01:00
Ronald Cron
85b9e09525 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-26 15:18:37 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2 
PSA with RSA requires PK_WRITE and PK_PARSE
 2022-10-26 14:57:36 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup 
The Open CI ran successfully thus I think we can ignore the internal CI.
 2022-10-26 14:27:54 +02:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development 
Add LMS implementation
 2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test 
Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:01 +02:00
Raef Coles
2ad6e611f0
Update LMS/LMOTS documentation 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:20 +01:00
Raef Coles
8ff6df538c
Add LMS implementation 
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 
Include platform.h unconditionally
 2022-10-13 10:19:22 +02:00
Pol Henarejos
c9754c3ec1
Merge branch 'Mbed-TLS:development' into sha3 2022-10-13 08:28:13 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Przemek Stekiel
ea37bb2403 Add changelog entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-12 11:17:41 +02:00
Gilles Peskine
fcee740b83 Automatically enable PK_PARSE for RSA in PSA 
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-11 21:15:24 +02:00
Gilles Peskine
fd94304f9d PSA RSA needs pk_write 
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-11 21:09:12 +02:00
Przemek Stekiel
1f02c6c25e Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 13:30:52 +02:00
David Horstmann
05bb2c5d0e Add ChangeLog entry for memory leak fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-05 12:09:18 +01:00
Przemek Stekiel
e32cd44490 Add changelog entry: tls 1.2 builds with single encryption type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-05 09:46:35 +02:00
Glenn Strauss
2ff77119df mbedtls_ecp_point_read_binary from compressed fmt 
mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-03 05:43:27 -04:00
Tom Cosgrove
51a0163828 Add ChangeLog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-30 18:10:58 +01:00
Victor Barpp Gomes
00a02b1468 Add Changelog entry 
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
 2022-09-29 13:52:55 -03:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 
Ad-hoc KDF for EC J-PAKE in TLS 1.2
 2022-09-28 09:47:32 +02:00
Ronald Cron
cba39a386f Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 19:10:39 +02:00
Andrzej Kurek
f13925c022 Add a changelog entry for ECJPAKE to PMS KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-27 05:16:10 -04:00
Gilles Peskine
8c2d236117
Merge pull request #6188 from N3xed/fix/windows-different-drives-build-error 
Copy files instead of hard-linking on Windows
 2022-09-23 17:03:50 +02:00
Manuel Pégourié-Gonnard
c998e43eb4 Add ChangeLog entry about driver-only hashes. 
(The first entry will need editing if support for ENTROPY_C is sorted out
before the next release.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Gilles Peskine
d6355caa8f Include platform.h unconditionally: fixes undefined mbedtls_setbuf 
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:50 +02:00
Neil Armstrong
19bb9913c2 Update changelog entry for new PSA PAKE feature 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
bb28c56796 Add changelog entry for new PSA PAKE feature 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit 
ctr_drbg: fix free uninitialized aes context
 2022-08-24 14:58:44 +01:00
Dave Rodgman
d106308c83 Changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-19 11:16:37 +01:00
Dave Rodgman
273efeb0eb Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-12 11:02:03 +01:00
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed 
Since 11e9310 add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.

Signed-off-by: kXuan <kxuanobj@gmail.com>
 2022-08-11 16:38:45 +08:00
Dominik Gschwind
c6d16362f3
Copy files instead of hard-linking on Windows 
Fixes an issue on Windows where when source and build directory are on different drives hard-linking
to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also
not possible because it requires administrator privileges on Windows.

The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command.
As this command only operates on files, if a directory is specified the files will be globbed recursively
and through symlinks.

Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>
 2022-08-10 16:27:14 +02:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype 
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
 2022-08-09 11:27:42 +01:00
Dave Rodgman
384f1e61f7
Merge pull request #5950 from savent404/development 
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
 2022-08-09 10:52:31 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 
Add rsa pss rsae for tls12
 2022-08-09 10:21:45 +01:00
Gilles Peskine
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink 
x509_crt: handle properly broken links when looking for certificates
 2022-08-03 13:05:29 +02:00
Gilles Peskine
7e1ee0f04b
Merge pull request #6114 from mman/development 
Use double quotes to include private header file psa_crypto_cipher.h
 2022-08-03 13:04:57 +02:00
Martin Man
4741e0b56c Use double quotes to include private header file psa_crypto_cipher.h 
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
 2022-08-02 12:44:35 +02:00
Aditya Patwardhan
3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is 
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
 2022-08-02 11:15:18 +05:30
savent
5d8adab983 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) 
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
 2022-08-02 03:23:02 +00:00
Dave Rodgman
919ff15ecf
Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020 
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined
 2022-07-29 17:08:11 +01:00
Jerry Yu
eec4f03c60 fix typo and changelog entry issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu
72a858517b add changelog entry 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Dave Rodgman
257319a33e
Merge pull request #6133 from tom-cosgrove-arm/extend-query_compile_time_config-to-psa_want 
Extend query_compile_time_config to PSA_WANT_xxx macros
 2022-07-28 13:01:09 +01:00
Thomas Daubney
69576274cc Add ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:23 +01:00
Tom Cosgrove
ff3c6c1a1a Add parsing of psa/crypto_config.h for PSA_WANT_xxx to query_compile_time_config 
Fixes #6131

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-25 12:19:35 +01:00
Dave Rodgman
a948f0588c
Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4 
bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
 2022-07-21 17:34:48 +01:00
Dave Rodgman
ecc1031dbf
Merge pull request #6086 from paul-elliott-arm/fix_cmake_no_gen_files 
Fix linking of generated files in cmake
 2022-07-20 16:13:42 +01:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy 
Refactor AES context to be shallow-copyable
 2022-07-20 15:16:37 +01:00
Dave Rodgman
c95cb6d6e5 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-20 14:37:08 +01:00
Paul Elliott
582f72bf3b Fix linking of generated files in cmake 
If generation of files is turned off, and a file is missing, when
building in tree with cmake, you can end up with the generated file
being turned into a symlink to itself. This will also break any future
attempt at building with make. Fix this by testing if the file exists
prior to attempting to link it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-19 17:23:30 +01:00
Tom Cosgrove
d99f24c792 Add a ChangeLog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-19 08:55:48 +01:00
Paul Elliott
2238eed2d9 Update Changelog for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:55:59 +01:00
Paul Elliott
2089fd0ea9 Rename Changelog entries that don't have .txt extension 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:52:54 +01:00
Paul Elliott
237c87ba0e Add missing Changelog entries 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:52:28 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash 
Fix DTLS 1.2 session resumption
 2022-07-06 15:03:36 +01:00
Andrzej Kurek
1ce9ca0630 Changelog rewording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:50:30 -04:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks 
Fix resource leaks
 2022-07-05 23:12:02 +01:00
Andrzej Kurek
3a29e9cf57 Improve changelog wording 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-05 10:49:10 -04:00
Andrzej Kurek
2e1a232261 Fix changelog wording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
9abad0c5ef Improve the changelog message to contain more details 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:29 -04:00
Paul Elliott
b7aba1a584 Improve Changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-04 06:49:26 -04:00
Leonid Rozenboim
56e01f37a8 Created customary ChangeLog.d entry. 
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
465341f438 Add ChangeLog entries for general Use PSA improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:37 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Paul Elliott
dfb5da2a99 Fix changelog requirements section. 
Setbuf() is currently not guarded by MBEDTLS_FS_IO, nor can it easily be
so. Raised a seperate issue to cover this, and removed the mention of
MBEDTLS_FS_IO from the Changelog.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-01 16:32:14 +01:00
Ronald Cron
7922bfbd47
Merge pull request #6005 from ronald-cron-arm/tls13-changelogs-doc-update 
TLS 1.3: Add missing change logs and update doc for 3.2 release

Validated by the internal CI, ready to be merged.
 2022-07-01 17:27:33 +02:00
Ronald Cron
3cb707dc6d Fix and improve logs and documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 14:36:52 +02:00
Manuel Pégourié-Gonnard
8b8a1610f7
Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check 
Fix the wrong variable being used for TLS record size checks
 2022-07-01 12:29:48 +02:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 
Documentation about storage format compatibility
 2022-07-01 12:21:17 +02:00
Ronald Cron
08346434d2 Add TLS 1.3 change logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 11:37:07 +02:00
Gilles Peskine
cf4d9f98c7 Changelog entry for mbedtls_setbuf() 
* Security: we're improving a countermeasure.
* Requirement change: the library will no longer compile on a platform
  without setbuf().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:11:30 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix 
Improve ASN.1 write tests
 2022-06-30 15:42:16 +02:00
Tom Cosgrove
d7adb3c7d9 Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-30 09:48:40 +01:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check 
TLS 1.3: Add missing overread check
 2022-06-29 17:01:14 +01:00
Tom Cosgrove
afb2fe1acf Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-29 16:36:12 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable 
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Dave Rodgman
1dc6848679
Merge pull request #5976 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-development 
Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:04 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 
Fix null pointer dereference in mpi_mod_int(0, 2)
 2022-06-29 15:02:59 +01:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma 
Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:49 +02:00
Gilles Peskine
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development 
Changelog improvements before the 3.2 release
 2022-06-28 21:00:10 +02:00
Glenn Strauss
999ef70b27 Add accessors to config DN hints for cert request 
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-28 12:43:59 -04:00
Gilles Peskine
bf918b9cfe Use headlinese for added functions, per request 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:34:32 +02:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448 
Fix order value for curve x448
 2022-06-27 13:47:24 +01:00
Gilles Peskine
251ca25d94 Clarify potential ambiguity in changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:47:15 +02:00
Werner Lewis
fd8cfe4f8e Replace parsing with outputting 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:19:50 +01:00
Ronald Cron
e0d7367a9e Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks 
TLS 1.3: Fix certificate key usage checks
 2022-06-27 08:32:17 +02:00
Gilles Peskine
0ff241a1ea Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-25 14:29:23 +02:00
Paul Elliott
668b31f210 Fix the wrong variable being used for TLS record size checks 
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-06-24 20:09:37 +01:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged 
Add mbedtls_x509_dn_get_next function
 2022-06-24 09:59:22 +02:00
Andrzej Kurek
5708b45154 Add a changelog entry for the session resumption + CID bug 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-23 08:00:14 -04:00
Manuel Pégourié-Gonnard
19a567ba43 Fix impact evaluation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
32a38dfec5 Add ChangeLog for potential overread with USE_PSA 
The issue was fixed while adding support for static ECDH with Opaque
keys: https://github.com/Mbed-TLS/mbedtls/pull/5624

This is just adding the ChangeLog entry for that fix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix 
Add a client hello cookie_len overflow test
 2022-06-20 19:35:54 +02:00
Gilles Peskine
98473c4523 Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C 
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:46:22 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
 2022-06-20 15:27:46 +02:00
Ronald Cron
c3e9abedff Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-20 13:53:50 +02:00
Werner Lewis
b3acb053fb Add mbedtls_x509_dn_get_next function 
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-17 16:40:55 +01:00
Gilles Peskine
321a08944b Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-10 20:13:33 +02:00
Andrzej Kurek
96d5439da5 Fix incorrect changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-10 04:26:08 -04:00
Gilles Peskine
ae25bb043c Fix null pointer dereference in mpi_mod_int(0, 2) 
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 19:32:46 +02:00
Gilles Peskine
76c1c6b9c1 Changelog: minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:51:18 +02:00
Gilles Peskine
e1efbf7f36 Changelog: when adding a new function, state its name 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:50:50 +02:00
Gilles Peskine
c23a6d4feb Changelog: make some long entries about TLS 1.3 more to the point 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:50:06 +02:00
Gilles Peskine
26a51cfe54 Changelog: list deprecations in the dedicated section 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:49:07 +02:00
Gilles Peskine
8df3623bee Changelog: clarify some cmake-related entries as being about cmake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:48:21 +02:00
Gilles Peskine
fed024dd52 Changelog: mention bug id in bugfix entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:44:51 +02:00
Gilles Peskine
d99083f7a4 Changelog: remove bugfix entry that's actually a robustness improvement 
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:38:35 +02:00
Gilles Peskine
3ea721e234 Changelog: Remove redundant entry about USE_PSA_CRYPTO in reduced configs 
The entry for “Fix several bugs…” already covers this. This is borderline an
internal detail anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:36:47 +02:00
Gilles Peskine
10301d4322 Changelog: Consolidate and clarify Armv8 SHA2 acceleration support 
Consolidate the entries for SHA512 and SHA256 since they are being released
together.

List the algorithms generically as SHA-2 since this also applies to SHA224
and SHA384.

Clearly state that the instructions are only supported when building for
Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 18:32:22 +02:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc 
Use ASN1 UTC tags for dates before 2000
 2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests 
Pr/add-tls13-moving-state-tests
 2022-06-08 13:39:52 +01:00
Ronald Cron
5313f034b4 Add change log 
Add change log for the bug fixed in
"fix move state to handshake over fail" commit

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-08 09:26:03 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor 
Add accessor for x509 certificate extension types
 2022-06-06 21:51:38 +01:00
Andrzej Kurek
e6487ab490 Add a changelog entry for the cookie parsing bounds bug 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:31:08 -04:00
Dave Rodgman
5e03d9e601
Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support 
Allow building as a subdir
 2022-06-06 14:11:06 +01:00
Przemek Stekiel
452a415476 Changelog: HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:24:28 +01:00
Thomas Daubney
3d3cfc5553 Add Changelog entry 
Add Changelog entry for changes made in this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Gilles Peskine
f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program 
Rewrite x25519 example program
 2022-05-31 11:27:22 +02:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
Dave Rodgman
3527880849 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-30 17:55:13 +01:00
Dave Rodgman
a636d1f192
Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc 
Enable static linking of the common runtime in MSVC
 2022-05-25 14:47:58 +01:00
Dave Rodgman
32c995afa3
Merge pull request #5724 from Biswa96/cmake-mingw 
cmake: Fix runtime library install location in mingw
 2022-05-25 13:34:43 +01:00
Robert Shade
591e729b54 Allow building as a subdir 
Fixes #5688

Signed-off-by: Robert Shade <robert.shade@gmail.com>
 2022-05-21 12:55:12 -04:00
Thomas Daubney
eff0f3f5be Add changelog entry 
Add changelog entry for bug fix in sample program.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-20 18:46:02 +01:00
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted 
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:54 +02:00
Dave Rodgman
3383e432bc Add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-10 13:46:09 +01:00
Pol Henarejos
0cd1f1c77f
Add SHA-3 module. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-09 01:04:15 +02:00
Przemek Stekiel
fd750d1d9a Add change log entry: deprecate mbedtls_cipher_setup_psa 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 12:45:34 +02:00
Pol Henarejos
f72803d6f9
Removing tabs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:12:13 +02:00
Pol Henarejos
030e802198
Added Changelog entry. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 19:28:15 +02:00
Werner Lewis
b374a98e7d Add ChangeLog entry 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 16:25:53 +01:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file 
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 2022-04-28 18:17:50 +02:00
Gilles Peskine
4acd3c7ab1
Merge pull request #5776 from mprse/mixed_psk_log 
Add change log entry for mixed-psk
 2022-04-28 18:14:41 +02:00
Gilles Peskine
f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490 
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
 2022-04-28 18:13:55 +02:00
Hanno Becker
002a7b20ec Adapt ChangeLog 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-25 11:17:40 +02:00
Przemek Stekiel
b51561b017 Add change log entry for mixed-psk 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-25 08:52:26 +02:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw 
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories 
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:28 +05:30
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail 
PSA: systematically test operation failure
 2022-04-15 10:52:47 +02:00
Glenn Strauss
d09b343ffc Deprecate mbedtls_ssl_conf_(min/max)_version() 
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()

Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 13:45:20 -04:00
Gilles Peskine
5dc8a0ac5a Wording improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-14 12:46:06 +02:00
Gilles Peskine
70b8a69b20 Add changelog entry for #3998 fix 
The fix was in https://github.com/ARMmbed/mbedtls/pull/4989.
We forgot to add a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 16:14:01 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant 
Make mbedtls_ssl_send_alert_message() reentrant
 2022-04-12 11:05:20 +02:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805 
Fix Shared Library compilation issue with Cmake
 2022-04-11 09:31:59 +02:00
Krzysztof Stachowiak
8790fa2088 Add ChangeLog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 15:17:47 +01:00
Dave Rodgman
f945e0a475 Update ChangeLog.d/alert_reentrant.txt 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:59:30 +01:00
Hanno Becker
8813c03cb0 Add ChangeLog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:16:55 +01:00
Gilles Peskine
f4c6eb0a49 Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE 
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef 
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-07 14:18:30 -04:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source 
fix parallel build fail of cmake out source
 2022-04-07 16:21:43 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors 
Accessors to own CID within mbedtls_ssl_context
 2022-04-01 11:36:00 +02:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over 
Add mbedtls_ssl_is_handshake_over()
 2022-03-30 12:16:40 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export 
Add ECP keypair export function
 2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
 2022-03-29 15:34:12 +01:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
Przemek Stekiel
2076cbe511 Add function name to changelog 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-28 07:22:11 +02:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-23 21:40:53 +00:00
Paul Elliott
93ba3e3918 Add mbedtls_ssl_is_handshake_over() function 
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-22 22:47:49 +00:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Paul Elliott
a5bebc297b Add changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-21 15:27:25 +00:00
Przemek Stekiel
815af94905 Add ChangeLog file 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-18 15:10:31 +01:00
Ron Eldor
183264cb95 Fix shared library link error with cmake on Windows 
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-17 12:07:50 +00:00
Gilles Peskine
08622b6dc7 Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests 
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.

Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.

This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-16 13:54:25 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Przemek Stekiel
b38f797a24 Add change log entry for psa ECC key derivation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 14:12:34 +01:00
Jerry Yu
7599f3109a Update changelog entry 
Remove internal details. Add the condition of the bug.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-11 16:30:20 +08:00
Gilles Peskine
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing 
feat: MD: X.509 hashing
 2022-03-10 20:16:43 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Dave Rodgman
73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation 
Fix test md api violation
 2022-03-10 09:21:47 +00:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Jerry Yu
6dd2e34848 Add changelog entry 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-08 14:56:31 +08:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free 
Erase secrets in allocated memory before freeing said memory
 2022-03-07 17:04:04 +01:00
Tom Cosgrove
70245bee01 Add ChangeLog entry for fix to mbedtls_md_process() test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-04 16:48:49 +00:00
Andrzej Kurek
3475b26375 Add a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8 
build(msvc): always assume source files are in UTF-8
 2022-03-02 16:42:33 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93 Add changelog entry for zeroizing key buffers before freeing 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2022-02-25 16:53:11 +01:00
Andrzej Kurek
a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-25 04:36:40 -05:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8 
Fixes https://github.com/ARMmbed/mbedtls/issues/4205

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
 2022-02-23 23:13:09 +01:00
Gilles Peskine
9cb08822a1 Minor clarification 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private 
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71 New function to access the TLS version from a context as an enum 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
915896f03c Add accessor function from mbedtls_ssl_context to the configuration 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
69477b5706 Add a field for application data to TLS structures 
In structure types that are passed to user callbacks, add a field that the
library won't ever care about. The application can use this field to either
identify an instance of the structure with a handle, or store a pointer to
extra data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa 
Cleanup PSA-based ECDHE in TLS 1.2
 2022-02-15 09:09:07 +01:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
Ronald Cron
fb84e98fb4 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:44 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der 
Add accessor to get der from mbedtls_pem_context
 2022-02-10 23:56:57 +01:00
Glenn Strauss
a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation. 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:15 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-08 14:53:46 -05:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 15:19:26 +01:00
pespacek
7599a7744e X.509: use PSA for hashing under USE_PSA_CRYPTO 
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 11:27:42 +01:00
Manuel Pégourié-Gonnard
141be6cc7f Fix missing check on server-chosen curve 
We had this check in the non-PSA case, but it was missing in the PSA
case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys 
Swap the client and server random for TLS 1.3 f_export_keys
 2022-01-28 12:09:19 +00:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
Andrzej Kurek
76c185b0a3 Add a changelog entry regarding bugfixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-24 10:09:38 -05:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc 
mbedtls_pk_parse_key: don't allocate if not needed
 2022-01-24 10:03:48 +00:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes 
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-01-21 21:46:08 +01:00
Andrzej Kurek
ad40bb7f3f Add a changelog entry for forced MBEDTLS_PK_WRITE_C 
Describe why and when it is enabled automatically.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:48 -05:00
Andrzej Kurek
f2d4e275a8 Add a changelog entry for the ChaCha20 default behavior change 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat 
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
 2022-01-14 10:41:06 +01:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD 
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-07 19:36:07 +01:00
Max Fillinger
8737ec2407 Add ChangeLog entry for md_info getter 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2021-12-28 16:53:40 +01:00
Glenn Strauss
cee11296aa Reset dhm_P and dhm_G if config call repeated 
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2021-12-20 20:24:56 -05:00
Archana
4a9e02632a
Review comments addressed 
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 13:37:37 +05:30
Archana
21b20c72d3
Add Changelog and update documentation 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Ronald Cron
831cf48abf Assemble change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:38 +01:00
Ronald Cron
acf0df81f2 Add change log for #4842 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:02 +01:00
Ronald Cron
be252a0da9 Add change log for #4859 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 08:43:53 +01:00
Ronald Cron
7e1cb129e8 Add change log for #4514 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 08:41:32 +01:00
Ronald Cron
2a4344d1fa Add change log for #4883 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-14 18:11:45 +01:00
Dave Rodgman
a53779dba4 Add missing changelog for ARIA (#4959) 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
28e3bcf6e1 Fix misleading ChangeLog entry formatting. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
4e511ede90 Double-free goes under security, not bugfix. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-12-14 18:11:45 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 
Zeroize expected MAC/tag intermediate variables
 2021-12-13 19:09:30 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix 
Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:36 +01:00
Gilles Peskine
36d33f37b6 Generalize MAC zeroization changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:43:11 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac 
Check HMAC return values
 2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations 
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables 
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 14:59:45 +01:00
Gilles Peskine
c11192fcb2
Merge pull request #5290 from minosgalanakis/development 
Document platform architecture portability constraints
 2021-12-10 21:13:11 +01:00
Gilles Peskine
0ca219575a mbedtls_pk_parse_key: don't allocate if not needed 
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 17:36:37 +01:00
Minos Galanakis
c10086e33e changelog: Addressed review comments #6 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-10 15:52:54 +00:00
Ronald Cron
6aeda5305c Add change log for TLS 1.3 MVP 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:48:12 +01:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Manuel Pégourié-Gonnard
49c20954e4
Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog 
Add changelog entry for session copy bugfix
 2021-12-09 09:21:28 +01:00
David Horstmann
e217edf49c Add changelog entry for session copy bugfix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-12-08 13:32:59 +00:00
Manuel Pégourié-Gonnard
5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce 
psa: aead: Fix invalid output buffer usage in generate_nonce()
 2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv 
Avoid using encryption output buffer to pass generated IV to PSA driver
 2021-12-08 13:30:06 +01:00
Ronald Cron
0118627013 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:28:36 +01:00
Ronald Cron
6fd156aa6b Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:21:38 +01:00
Gilles Peskine
aa1e9857a5 Add changelog entry for build error fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-06 20:58:47 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters 
Additional cipher_info getters
 2021-12-03 17:21:51 +01:00
Paul Elliott
117282f25e Delete unneccesary changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-01 17:18:12 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl 
Fix test_suite_ssl compilation errors with GCC11
 2021-11-25 22:02:43 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04 
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-25 18:03:50 +00:00
Paul Elliott
472fd176a6 Fix Changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-24 17:45:43 +00:00