yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
18271 commits 1 branch 0 tags 94 MiB
Commit graph

646 commits

Author SHA1 Message Date
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 
Zeroize expected MAC/tag intermediate variables
 2021-12-13 19:09:30 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix 
Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:36 +01:00
Gilles Peskine
36d33f37b6 Generalize MAC zeroization changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:43:11 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac 
Check HMAC return values
 2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations 
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables 
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 14:59:45 +01:00
Gilles Peskine
c11192fcb2
Merge pull request #5290 from minosgalanakis/development 
Document platform architecture portability constraints
 2021-12-10 21:13:11 +01:00
Minos Galanakis
c10086e33e changelog: Addressed review comments #6 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-10 15:52:54 +00:00
Ronald Cron
6aeda5305c Add change log for TLS 1.3 MVP 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:48:12 +01:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Gilles Peskine
aa1e9857a5 Add changelog entry for build error fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-06 20:58:47 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters 
Additional cipher_info getters
 2021-12-03 17:21:51 +01:00
Paul Elliott
117282f25e Delete unneccesary changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-01 17:18:12 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl 
Fix test_suite_ssl compilation errors with GCC11
 2021-11-25 22:02:43 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04 
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-25 18:03:50 +00:00
Paul Elliott
472fd176a6 Fix Changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-24 17:45:43 +00:00
Paul Elliott
21c8fe5c6e Fix compilation errors. 
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950 
Fix GCM calculation with very long IV
 2021-11-22 22:22:37 +01:00
Paul Elliott
0b7d5a88d9 Make changelog more specific 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-18 22:39:16 +00:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:11 +01:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password 
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-11 19:26:37 +00:00
Max Fillinger
7568d1a238 Add Changelog entry for additional getters 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2021-11-10 15:12:04 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag 
PSA CCM*-no-tag
 2021-11-10 10:18:55 +01:00
Gilles Peskine
c756b5f9fa
Merge pull request #5126 from haampie/fix/DT_NEEDED_for_shared_libraries 
DT_NEEDED for shared builds in makefile
 2021-11-05 12:04:29 +01:00
Harmen Stoppels
3e636161ec Add changelog 
Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
 2021-11-05 09:32:05 +01:00
Gabor Mezei
77390dc8ec
Update changelog with the new public API 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-03 17:12:56 +01:00
Gilles Peskine
c323d4585f Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 15:51:20 +01:00
Mateusz Starzyk
5bc9bf7584 Add changelog entry for new PSA Crypto API macros. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-11-03 15:47:03 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt 
PSA: fix salt length for PSS verification
 2021-10-29 16:36:36 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0 
Remove on-target testing
 2021-10-29 09:33:34 +02:00
Gilles Peskine
d025422c28 Remove on-target testing 
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-27 11:45:57 +02:00
Mateusz Starzyk
812ef6b379 Fix ccm*-no-tag changelog entry 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-10-27 11:26:47 +02:00
Gilles Peskine
66c9b84f93 Fix typo in documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:15:20 +02:00
Gilles Peskine
680747b868 Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
66884e6dae Base64 range-based constant-flow code: changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation 
Remove output buffer limitation for PSA with GCM.
 2021-10-25 19:37:33 +02:00
Mateusz Starzyk
61a8b2daf2 Add changelog entry for CCM*-no-tag. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-10-22 13:52:42 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys 
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
 2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065 
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
 2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551 
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
 2021-10-18 10:39:21 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-15 08:04:53 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0 
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
 2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
ed61c5e8b0 Add change-log file (issue #5065) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-14 09:14:09 +02:00
openluopworld
151ccb2977 update changelog for #4884 
Signed-off-by: openluopworld <wuhanluop@163.com>
 2021-10-13 00:23:30 +08:00
openluopworld
506752299b add changelog file for #4950 
Signed-off-by: openluopworld <wuhanluop@163.com>
 2021-10-12 18:38:50 +08:00
Przemyslaw Stekiel
b576c7b779 Address review comments 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-11 10:43:17 +02:00
Paul Elliott
f76dcb2efc Add Changelog.d entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:21:40 +01:00
Przemyslaw Stekiel
770153e836 Add change-log entry 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-07 11:12:41 +02:00
Gilles Peskine
b9b817e977 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length 
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-05 14:26:25 +02:00