Dave Rodgman
bc5f03dabc
Disable PKCS7 by default; improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:32:23 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
...
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
2022-12-01 11:40:52 +00:00
Dave Rodgman
7f62f36f82
Add changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 09:44:31 +00:00
Aditya Deshpande
5484e96117
Add changelog entry
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-30 15:56:42 +00:00
Gilles Peskine
787c79dc1a
Remove changelog entry for an internal change
...
We removed internal code left over after removing a feature in Mbed TLS 3.0.
The removal of the internal code is not user-visible.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 22:27:03 +01:00
Gilles Peskine
d622c7de56
Changelog entry files must have a .txt extension
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 22:18:05 +01:00
Manuel Pégourié-Gonnard
37d41c79b8
Add ChangeLog entry for DTLS Connection ID
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-29 10:20:15 +01:00
Andrzej Kurek
a6ab9d8b12
Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-28 03:55:27 -05:00
Gilles Peskine
898db6b8e5
Move ssl_debug_helpers_generated to the correct library
...
This is a private interface only, so it's an ABI change but not an API change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-26 14:15:32 +01:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
...
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
...
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
...
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Bence Szépkúti
12269e27b1
Add changelog for PKCS7 parser
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-11-25 05:51:40 +01:00
Manuel Pégourié-Gonnard
fecc6b2fe4
Minor tune-up to ChangeLog & documentation
...
- fix a recurring typo
- use clearer names
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-24 09:40:12 +01:00
Gilles Peskine
42649d9270
Fix NULL+0 undefined behavior in ECB encryption and decryption
...
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
3518fb11d0
Improve ChangeLog entry for driver-only hashes
...
- avoid long unstructured paragraph with long messy sentences
- de-emphasize "no longer depends on MD" and emphasize "can work in
some driver-only builds" instead - that's what users are interested in
(building without MD is just the current way to accomplish that, but
that will change in the future)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-23 13:23:28 +01:00
Manuel Pégourié-Gonnard
660b396e41
Merge pull request #975 from yanesca/issue-946
...
Fix RSA side channel
2022-11-23 10:30:35 +01:00
Janos Follath
33480a372b
Changelog: expand conference acronym for clarity
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
74369b2497
Add paper title to Changelog
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b3608afe29
Add ChangeLog entry
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Manuel Pégourié-Gonnard
18a3856a03
Document another limitation of driver-only hashes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-22 11:59:55 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
...
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
...
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Paul Elliott
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Ronald Cron
5dc7999946
Simplify the change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-17 14:51:52 +01:00
Tom Cosgrove
0f0b548519
Limit ChangeLog entry to 80 characters
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-16 14:23:51 +00:00
Ronald Cron
9a1396bfcc
Add ChangeLog
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 11:04:48 +01:00
Gilles Peskine
af601f9751
Fix undefined behavior with the most negative mbedtls_mpi_sint
...
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:02:14 +01:00
Gilles Peskine
db14a9d180
Fix NULL+0 in addition 0 + 0
...
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:00:21 +01:00
Gilles Peskine
806c9588ef
Changelog entry for the negative zero from add/sub
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:36:18 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1
...
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
2022-11-15 12:38:41 +01:00
Aditya Deshpande
bd2bfa92bd
Add Changelog entry
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-10 15:30:12 +00:00
Gilles Peskine
4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex
...
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
2022-11-08 17:11:07 +01:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free
...
Shared code to free x509 structs like mbedtls_x509_named_data
2022-11-08 12:20:20 +01:00
Glenn Strauss
82ba274c01
Deprecate mbedtls_asn1_free_named_data()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-07 15:42:44 -05:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
...
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1
...
Driver dispatch Codegen 1.1
2022-11-07 15:27:41 +01:00
Asfandyar Orakzai
9b656d3c80
removed stray whitespaces from change logs
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:39:36 +01:00
Asfandyar Orakzai
65cd8a4a23
fixed formating issues in psa_crypto_code_gen_1_1.txt
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:16:40 +01:00
Asfandyar Orakzai
4f63ac4358
fixed changelog formating
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 10:18:05 +01:00
Asfandyar Orakzai
ee2b637d03
Fixed change log issue
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 21:50:27 +01:00
Dave Rodgman
5875f5f96b
Add Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:28:03 +00:00
Dave Rodgman
e8734d8a55
Apply suggestions from code review
...
Two spelling fixes (changelog & a comment)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-31 14:30:24 +00:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
...
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
...
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Jerry Yu
12f5c6b2bc
Add changelog entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 17:57:06 +08:00
Glenn Strauss
a4b4041219
Shared code to free x509 structs
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Dave Rodgman
b3166f4b2f
Update Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:39:04 +01:00
Dave Rodgman
d7dfc0922e
Update Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:38:05 +01:00
Dave Rodgman
169ae4f528
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:24:29 +01:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc
...
TLS 1.3: Update documentation for the coming release and misc
2022-10-28 11:09:03 +02:00
Dave Rodgman
ce48c92c6c
Credit Cryptofuzz in the changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 20:37:23 +01:00
Dave Rodgman
5d13e5e568
Improve changelog for ECDSA verify fix
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 20:34:21 +01:00
Ronald Cron
85b9e09525
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-26 15:18:37 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
...
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup
...
The Open CI ran successfully thus I think we can ignore the internal CI.
2022-10-26 14:27:54 +02:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
...
Add LMS implementation
2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
...
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Raef Coles
2ad6e611f0
Update LMS/LMOTS documentation
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:20 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
...
Also an LM-OTS implementation as one is required for LMS.
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
...
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Pol Henarejos
c9754c3ec1
Merge branch 'Mbed-TLS:development' into sha3
2022-10-13 08:28:13 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
...
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Przemek Stekiel
ea37bb2403
Add changelog entry
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-12 11:17:41 +02:00
Gilles Peskine
fcee740b83
Automatically enable PK_PARSE for RSA in PSA
...
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
Gilles Peskine
fd94304f9d
PSA RSA needs pk_write
...
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:09:12 +02:00
Przemek Stekiel
1f02c6c25e
Reword change log entry
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 13:30:52 +02:00
David Horstmann
05bb2c5d0e
Add ChangeLog entry for memory leak fix
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-05 12:09:18 +01:00
Przemek Stekiel
e32cd44490
Add changelog entry: tls 1.2 builds with single encryption type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 09:46:35 +02:00
Glenn Strauss
2ff77119df
mbedtls_ecp_point_read_binary from compressed fmt
...
mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-03 05:43:27 -04:00
Tom Cosgrove
51a0163828
Add ChangeLog entry
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-30 18:10:58 +01:00
Victor Barpp Gomes
00a02b1468
Add Changelog entry
...
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
2022-09-29 13:52:55 -03:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Ronald Cron
cba39a386f
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 19:10:39 +02:00
Andrzej Kurek
f13925c022
Add a changelog entry for ECJPAKE to PMS KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-27 05:16:10 -04:00
Gilles Peskine
8c2d236117
Merge pull request #6188 from N3xed/fix/windows-different-drives-build-error
...
Copy files instead of hard-linking on Windows
2022-09-23 17:03:50 +02:00
Manuel Pégourié-Gonnard
c998e43eb4
Add ChangeLog entry about driver-only hashes.
...
(The first entry will need editing if support for ENTROPY_C is sorted out
before the next release.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Gilles Peskine
d6355caa8f
Include platform.h unconditionally: fixes undefined mbedtls_setbuf
...
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118 , #6196 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Neil Armstrong
19bb9913c2
Update changelog entry for new PSA PAKE feature
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
bb28c56796
Add changelog entry for new PSA PAKE feature
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit
...
ctr_drbg: fix free uninitialized aes context
2022-08-24 14:58:44 +01:00
Dave Rodgman
d106308c83
Changelog for ECDSA verify fix
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-19 11:16:37 +01:00
Dave Rodgman
273efeb0eb
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed
...
Since 11e9310
add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.
Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-11 16:38:45 +08:00
Dominik Gschwind
c6d16362f3
Copy files instead of hard-linking on Windows
...
Fixes an issue on Windows where when source and build directory are on different drives hard-linking
to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also
not possible because it requires administrator privileges on Windows.
The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command.
As this command only operates on files, if a directory is specified the files will be globbed recursively
and through symlinks.
Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>
2022-08-10 16:27:14 +02:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
...
Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
384f1e61f7
Merge pull request #5950 from savent404/development
...
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 10:52:31 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
...
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Gilles Peskine
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink
...
x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00
Gilles Peskine
7e1ee0f04b
Merge pull request #6114 from mman/development
...
Use double quotes to include private header file psa_crypto_cipher.h
2022-08-03 13:04:57 +02:00
Martin Man
4741e0b56c
Use double quotes to include private header file psa_crypto_cipher.h
...
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
2022-08-02 12:44:35 +02:00
Aditya Patwardhan
3096f331ee
Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED
is
...
enabled
Added the changelog.d entry
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-08-02 11:15:18 +05:30
savent
5d8adab983
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
...
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.
Signed-off-by: savent <savent_gate@outlook.com>
2022-08-02 03:23:02 +00:00
Dave Rodgman
919ff15ecf
Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020
...
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined
2022-07-29 17:08:11 +01:00
Jerry Yu
eec4f03c60
fix typo and changelog entry issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
72a858517b
add changelog entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Dave Rodgman
257319a33e
Merge pull request #6133 from tom-cosgrove-arm/extend-query_compile_time_config-to-psa_want
...
Extend query_compile_time_config to PSA_WANT_xxx macros
2022-07-28 13:01:09 +01:00
Thomas Daubney
69576274cc
Add ChangeLog entry
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Tom Cosgrove
ff3c6c1a1a
Add parsing of psa/crypto_config.h for PSA_WANT_xxx to query_compile_time_config
...
Fixes #6131
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-25 12:19:35 +01:00
Dave Rodgman
a948f0588c
Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4
...
bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
2022-07-21 17:34:48 +01:00
Dave Rodgman
ecc1031dbf
Merge pull request #6086 from paul-elliott-arm/fix_cmake_no_gen_files
...
Fix linking of generated files in cmake
2022-07-20 16:13:42 +01:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy
...
Refactor AES context to be shallow-copyable
2022-07-20 15:16:37 +01:00
Dave Rodgman
c95cb6d6e5
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:08 +01:00
Paul Elliott
582f72bf3b
Fix linking of generated files in cmake
...
If generation of files is turned off, and a file is missing, when
building in tree with cmake, you can end up with the generated file
being turned into a symlink to itself. This will also break any future
attempt at building with make. Fix this by testing if the file exists
prior to attempting to link it.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-19 17:23:30 +01:00
Tom Cosgrove
d99f24c792
Add a ChangeLog entry
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-19 08:55:48 +01:00
Paul Elliott
2238eed2d9
Update Changelog for 3.2.0 release
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:55:59 +01:00
Paul Elliott
2089fd0ea9
Rename Changelog entries that don't have .txt extension
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:54 +01:00
Paul Elliott
237c87ba0e
Add missing Changelog entries
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:28 +01:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
...
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
1ce9ca0630
Changelog rewording
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 06:50:30 -04:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks
...
Fix resource leaks
2022-07-05 23:12:02 +01:00
Andrzej Kurek
3a29e9cf57
Improve changelog wording
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-05 10:49:10 -04:00
Andrzej Kurek
2e1a232261
Fix changelog wording
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
9abad0c5ef
Improve the changelog message to contain more details
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Paul Elliott
b7aba1a584
Improve Changelog
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-04 06:49:26 -04:00
Leonid Rozenboim
56e01f37a8
Created customary ChangeLog.d entry.
...
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
465341f438
Add ChangeLog entries for general Use PSA improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
...
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
...
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Paul Elliott
dfb5da2a99
Fix changelog requirements section.
...
Setbuf() is currently not guarded by MBEDTLS_FS_IO, nor can it easily be
so. Raised a seperate issue to cover this, and removed the mention of
MBEDTLS_FS_IO from the Changelog.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-01 16:32:14 +01:00
Ronald Cron
7922bfbd47
Merge pull request #6005 from ronald-cron-arm/tls13-changelogs-doc-update
...
TLS 1.3: Add missing change logs and update doc for 3.2 release
Validated by the internal CI, ready to be merged.
2022-07-01 17:27:33 +02:00
Ronald Cron
3cb707dc6d
Fix and improve logs and documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-01 14:36:52 +02:00
Manuel Pégourié-Gonnard
8b8a1610f7
Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check
...
Fix the wrong variable being used for TLS record size checks
2022-07-01 12:29:48 +02:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206
...
Documentation about storage format compatibility
2022-07-01 12:21:17 +02:00
Ronald Cron
08346434d2
Add TLS 1.3 change logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-01 11:37:07 +02:00
Gilles Peskine
cf4d9f98c7
Changelog entry for mbedtls_setbuf()
...
* Security: we're improving a countermeasure.
* Requirement change: the library will no longer compile on a platform
without setbuf().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:11:30 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix
...
Improve ASN.1 write tests
2022-06-30 15:42:16 +02:00
Tom Cosgrove
d7adb3c7d9
Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-06-30 09:48:40 +01:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check
...
TLS 1.3: Add missing overread check
2022-06-29 17:01:14 +01:00
Tom Cosgrove
afb2fe1acf
Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3
...
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-06-29 16:36:12 +01:00
Werner Lewis
dd76ef359d
Refactor AES context to be shallow-copyable
...
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147 .
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Dave Rodgman
1dc6848679
Merge pull request #5976 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-development
...
Remove largely useless bit of test log to silence GCC 12
2022-06-29 15:25:04 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2
...
Fix null pointer dereference in mpi_mod_int(0, 2)
2022-06-29 15:02:59 +01:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma
...
Fix output of commas and other special characters in X509 DN values
2022-06-28 21:00:49 +02:00
Gilles Peskine
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development
...
Changelog improvements before the 3.2 release
2022-06-28 21:00:10 +02:00
Glenn Strauss
999ef70b27
Add accessors to config DN hints for cert request
...
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-28 12:43:59 -04:00
Gilles Peskine
bf918b9cfe
Use headlinese for added functions, per request
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 23:34:32 +02:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448
...
Fix order value for curve x448
2022-06-27 13:47:24 +01:00
Gilles Peskine
251ca25d94
Clarify potential ambiguity in changelog entry
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 14:47:15 +02:00
Werner Lewis
fd8cfe4f8e
Replace parsing with outputting
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50
Fix parsing of special chars in X509 DN values
...
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769 .
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Ronald Cron
e0d7367a9e
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks
...
TLS 1.3: Fix certificate key usage checks
2022-06-27 08:32:17 +02:00
Gilles Peskine
0ff241a1ea
Remove largely useless bit of test log to silence GCC 12
...
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.
Fixes #5974 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-25 14:29:23 +02:00
Paul Elliott
668b31f210
Fix the wrong variable being used for TLS record size checks
...
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-06-24 20:09:37 +01:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
...
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Andrzej Kurek
5708b45154
Add a changelog entry for the session resumption + CID bug
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-23 08:00:14 -04:00
Manuel Pégourié-Gonnard
19a567ba43
Fix impact evaluation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
32a38dfec5
Add ChangeLog for potential overread with USE_PSA
...
The issue was fixed while adding support for static ECDH with Opaque
keys: https://github.com/Mbed-TLS/mbedtls/pull/5624
This is just adding the ChangeLog entry for that fix.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
...
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
Gilles Peskine
98473c4523
Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C
...
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:46:22 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
...
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Ronald Cron
c3e9abedff
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-20 13:53:50 +02:00
Werner Lewis
b3acb053fb
Add mbedtls_x509_dn_get_next function
...
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Gilles Peskine
321a08944b
Fix bug whereby 0 was written as 0200 rather than 020100
...
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Andrzej Kurek
96d5439da5
Fix incorrect changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-10 04:26:08 -04:00
Gilles Peskine
ae25bb043c
Fix null pointer dereference in mpi_mod_int(0, 2)
...
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
Gilles Peskine
76c1c6b9c1
Changelog: minor copyediting
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:51:18 +02:00
Gilles Peskine
e1efbf7f36
Changelog: when adding a new function, state its name
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:50:50 +02:00
Gilles Peskine
c23a6d4feb
Changelog: make some long entries about TLS 1.3 more to the point
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:50:06 +02:00
Gilles Peskine
26a51cfe54
Changelog: list deprecations in the dedicated section
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:49:07 +02:00
Gilles Peskine
8df3623bee
Changelog: clarify some cmake-related entries as being about cmake
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:48:21 +02:00
Gilles Peskine
fed024dd52
Changelog: mention bug id in bugfix entry
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:44:51 +02:00
Gilles Peskine
d99083f7a4
Changelog: remove bugfix entry that's actually a robustness improvement
...
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:38:35 +02:00
Gilles Peskine
3ea721e234
Changelog: Remove redundant entry about USE_PSA_CRYPTO in reduced configs
...
The entry for “Fix several bugs…” already covers this. This is borderline an
internal detail anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:36:47 +02:00
Gilles Peskine
10301d4322
Changelog: Consolidate and clarify Armv8 SHA2 acceleration support
...
Consolidate the entries for SHA512 and SHA256 since they are being released
together.
List the algorithms generically as SHA-2 since this also applies to SHA224
and SHA384.
Clearly state that the instructions are only supported when building for
Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:32:22 +02:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
...
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
...
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
Ronald Cron
5313f034b4
Add change log
...
Add change log for the bug fixed in
"fix move state to handshake over fail" commit
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-08 09:26:03 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
...
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
e6487ab490
Add a changelog entry for the cookie parsing bounds bug
...
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:31:08 -04:00
Dave Rodgman
5e03d9e601
Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support
...
Allow building as a subdir
2022-06-06 14:11:06 +01:00
Przemek Stekiel
452a415476
Changelog: HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Werner Lewis
acd01e58a3
Use ASN1 UTC tags for dates before 2000
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Thomas Daubney
3d3cfc5553
Add Changelog entry
...
Add Changelog entry for changes made in this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Gilles Peskine
f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program
...
Rewrite x25519 example program
2022-05-31 11:27:22 +02:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
...
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Dave Rodgman
3527880849
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-30 17:55:13 +01:00
Dave Rodgman
a636d1f192
Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc
...
Enable static linking of the common runtime in MSVC
2022-05-25 14:47:58 +01:00
Dave Rodgman
32c995afa3
Merge pull request #5724 from Biswa96/cmake-mingw
...
cmake: Fix runtime library install location in mingw
2022-05-25 13:34:43 +01:00
Robert Shade
591e729b54
Allow building as a subdir
...
Fixes #5688
Signed-off-by: Robert Shade <robert.shade@gmail.com>
2022-05-21 12:55:12 -04:00
Thomas Daubney
eff0f3f5be
Add changelog entry
...
Add changelog entry for bug fix in sample program.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-20 18:46:02 +01:00
Gilles Peskine
3e56130fb9
psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
...
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.
The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.
Fixes #5735 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Dave Rodgman
3383e432bc
Add changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-10 13:46:09 +01:00
Pol Henarejos
0cd1f1c77f
Add SHA-3 module.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-09 01:04:15 +02:00
Przemek Stekiel
fd750d1d9a
Add change log entry: deprecate mbedtls_cipher_setup_psa
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 12:45:34 +02:00
Pol Henarejos
f72803d6f9
Removing tabs.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-05 20:12:13 +02:00
Pol Henarejos
030e802198
Added Changelog entry.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-05 19:28:15 +02:00
Werner Lewis
b374a98e7d
Add ChangeLog entry
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 16:25:53 +01:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
...
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
4acd3c7ab1
Merge pull request #5776 from mprse/mixed_psk_log
...
Add change log entry for mixed-psk
2022-04-28 18:14:41 +02:00
Gilles Peskine
f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490
...
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
2022-04-28 18:13:55 +02:00
Hanno Becker
002a7b20ec
Adapt ChangeLog
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:40 +02:00
Przemek Stekiel
b51561b017
Add change log entry for mixed-psk
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-25 08:52:26 +02:00
Biswapriyo Nath
d7e0ee42b8
cmake: Fix runtime library install location in mingw
...
This install DLLs in bin directory instead of lib.
Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5
cmake: Use GnuInstallDirs to customize install directories
...
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.
Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:28 +05:30
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
...
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
...
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
...
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Glenn Strauss
d09b343ffc
Deprecate mbedtls_ssl_conf_(min/max)_version()
...
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()
Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
dff84620a0
Unify internal/external TLS protocol version enums
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Gilles Peskine
5dc8a0ac5a
Wording improvement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:46:06 +02:00
Gilles Peskine
70b8a69b20
Add changelog entry for #3998 fix
...
The fix was in https://github.com/ARMmbed/mbedtls/pull/4989 .
We forgot to add a changelog entry.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 16:14:01 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant
...
Make mbedtls_ssl_send_alert_message() reentrant
2022-04-12 11:05:20 +02:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805
...
Fix Shared Library compilation issue with Cmake
2022-04-11 09:31:59 +02:00
Krzysztof Stachowiak
8790fa2088
Add ChangeLog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 15:17:47 +01:00
Dave Rodgman
f945e0a475
Update ChangeLog.d/alert_reentrant.txt
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:59:30 +01:00
Hanno Becker
8813c03cb0
Add ChangeLog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:55 +01:00
Gilles Peskine
f4c6eb0a49
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
...
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26
Introduce mbedtls_ssl_hs_cb_t typedef
...
Inline func for mbedtls_ssl_conf_cert_cb()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
...
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
...
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Paul Elliott
0113cf1022
Add accessor for own cid to ssl context
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
...
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
...
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Przemek Stekiel
2076cbe511
Add function name to changelog
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:22:11 +02:00
Tom Cosgrove
87fbfb5d82
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.
The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Paul Elliott
93ba3e3918
Add mbedtls_ssl_is_handshake_over() function
...
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-22 22:47:49 +00:00
Jerry Yu
8beb9e173d
Change prototype of pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Paul Elliott
a5bebc297b
Add changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:27:25 +00:00
Przemek Stekiel
815af94905
Add ChangeLog file
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 15:10:31 +01:00
Ron Eldor
183264cb95
Fix shared library link error with cmake on Windows
...
Set the library path as the current binary dir
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-17 12:07:50 +00:00
Gilles Peskine
08622b6dc7
Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
...
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.
Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.
This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
...
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Przemek Stekiel
b38f797a24
Add change log entry for psa ECC key derivation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-11 14:12:34 +01:00
Jerry Yu
7599f3109a
Update changelog entry
...
Remove internal details. Add the condition of the bug.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-11 16:30:20 +08:00
Gilles Peskine
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing
...
feat: MD: X.509 hashing
2022-03-10 20:16:43 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Dave Rodgman
73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation
...
Fix test md api violation
2022-03-10 09:21:47 +00:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Jerry Yu
6dd2e34848
Add changelog entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-08 14:56:31 +08:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free
...
Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:04 +01:00
Tom Cosgrove
70245bee01
Add ChangeLog entry for fix to mbedtls_md_process() test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:49 +00:00
Andrzej Kurek
3475b26375
Add a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
...
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8
...
build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:33 +01:00
Glenn Strauss
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0
Add server certificate selection callback
...
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93
Add changelog entry for zeroizing key buffers before freeing
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 16:53:11 +01:00
Andrzej Kurek
a0237f86d3
Add missing key destruction calls in ssl_write_client_key_exchange
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:36:40 -05:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8
...
Fixes https://github.com/ARMmbed/mbedtls/issues/4205
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-02-23 23:13:09 +01:00
Gilles Peskine
9cb08822a1
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00