Commit graph

926 commits

Author SHA1 Message Date
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Bence Szépkúti
12269e27b1 Add changelog for PKCS7 parser
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-11-25 05:51:40 +01:00
Manuel Pégourié-Gonnard
fecc6b2fe4 Minor tune-up to ChangeLog & documentation
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-24 09:40:12 +01:00
Gilles Peskine
42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
3518fb11d0 Improve ChangeLog entry for driver-only hashes
- avoid long unstructured paragraph with long messy sentences
- de-emphasize "no longer depends on MD" and emphasize "can work in
some driver-only builds" instead - that's what users are interested in
(building without MD is just the current way to accomplish that, but
that will change in the future)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-23 13:23:28 +01:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-22 11:59:55 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Paul Elliott
96a0fd951f Fix signature algorithms list entry getting overwritten by length.
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Tom Cosgrove
0f0b548519 Limit ChangeLog entry to 80 characters
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-16 14:23:51 +00:00
Gilles Peskine
af601f9751 Fix undefined behavior with the most negative mbedtls_mpi_sint
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:02:14 +01:00
Gilles Peskine
db14a9d180 Fix NULL+0 in addition 0 + 0
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:00:21 +01:00
Gilles Peskine
806c9588ef Changelog entry for the negative zero from add/sub
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:36:18 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
2022-11-15 12:38:41 +01:00
Aditya Deshpande
bd2bfa92bd Add Changelog entry
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-10 15:30:12 +00:00
Gilles Peskine
4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
2022-11-08 17:11:07 +01:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free
Shared code to free x509 structs like mbedtls_x509_named_data
2022-11-08 12:20:20 +01:00
Glenn Strauss
82ba274c01 Deprecate mbedtls_asn1_free_named_data()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-07 15:42:44 -05:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1
Driver dispatch Codegen 1.1
2022-11-07 15:27:41 +01:00
Asfandyar Orakzai
9b656d3c80 removed stray whitespaces from change logs
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:39:36 +01:00
Asfandyar Orakzai
65cd8a4a23 fixed formating issues in psa_crypto_code_gen_1_1.txt
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:16:40 +01:00
Asfandyar Orakzai
4f63ac4358 fixed changelog formating
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 10:18:05 +01:00
Asfandyar Orakzai
ee2b637d03 Fixed change log issue
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 21:50:27 +01:00
Dave Rodgman
5875f5f96b Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:28:03 +00:00
Dave Rodgman
e8734d8a55
Apply suggestions from code review
Two spelling fixes (changelog & a comment)

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-31 14:30:24 +00:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Jerry Yu
12f5c6b2bc Add changelog entry
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 17:57:06 +08:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Dave Rodgman
b3166f4b2f Update Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:39:04 +01:00
Dave Rodgman
d7dfc0922e Update Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:38:05 +01:00
Dave Rodgman
169ae4f528 Add Changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:24:29 +01:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc
TLS 1.3: Update documentation for the coming release and misc
2022-10-28 11:09:03 +02:00
Dave Rodgman
ce48c92c6c Credit Cryptofuzz in the changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 20:37:23 +01:00
Dave Rodgman
5d13e5e568 Improve changelog for ECDSA verify fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 20:34:21 +01:00
Ronald Cron
85b9e09525 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-26 15:18:37 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup
The Open CI ran successfully thus I think we can ignore the internal CI.
2022-10-26 14:27:54 +02:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Raef Coles
2ad6e611f0
Update LMS/LMOTS documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:20 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Przemek Stekiel
ea37bb2403 Add changelog entry
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-12 11:17:41 +02:00
Gilles Peskine
fcee740b83 Automatically enable PK_PARSE for RSA in PSA
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
Gilles Peskine
fd94304f9d PSA RSA needs pk_write
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:09:12 +02:00