yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20770 commits 1 branch 0 tags 94 MiB
Commit graph

859 commits

Author SHA1 Message Date
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted 
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:54 +02:00
Dave Rodgman
3383e432bc Add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-10 13:46:09 +01:00
Przemek Stekiel
fd750d1d9a Add change log entry: deprecate mbedtls_cipher_setup_psa 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 12:45:34 +02:00
Pol Henarejos
f72803d6f9
Removing tabs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:12:13 +02:00
Pol Henarejos
030e802198
Added Changelog entry. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 19:28:15 +02:00
Werner Lewis
b374a98e7d Add ChangeLog entry 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 16:25:53 +01:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file 
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 2022-04-28 18:17:50 +02:00
Gilles Peskine
4acd3c7ab1
Merge pull request #5776 from mprse/mixed_psk_log 
Add change log entry for mixed-psk
 2022-04-28 18:14:41 +02:00
Gilles Peskine
f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490 
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
 2022-04-28 18:13:55 +02:00
Hanno Becker
002a7b20ec Adapt ChangeLog 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-25 11:17:40 +02:00
Przemek Stekiel
b51561b017 Add change log entry for mixed-psk 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-25 08:52:26 +02:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw 
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories 
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2022-04-22 20:59:28 +05:30
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail 
PSA: systematically test operation failure
 2022-04-15 10:52:47 +02:00
Glenn Strauss
d09b343ffc Deprecate mbedtls_ssl_conf_(min/max)_version() 
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()

Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 13:45:20 -04:00
Gilles Peskine
5dc8a0ac5a Wording improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-14 12:46:06 +02:00
Gilles Peskine
70b8a69b20 Add changelog entry for #3998 fix 
The fix was in https://github.com/ARMmbed/mbedtls/pull/4989.
We forgot to add a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 16:14:01 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant 
Make mbedtls_ssl_send_alert_message() reentrant
 2022-04-12 11:05:20 +02:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805 
Fix Shared Library compilation issue with Cmake
 2022-04-11 09:31:59 +02:00
Krzysztof Stachowiak
8790fa2088 Add ChangeLog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 15:17:47 +01:00
Dave Rodgman
f945e0a475 Update ChangeLog.d/alert_reentrant.txt 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:59:30 +01:00
Hanno Becker
8813c03cb0 Add ChangeLog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:16:55 +01:00
Gilles Peskine
f4c6eb0a49 Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE 
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef 
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-07 14:18:30 -04:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source 
fix parallel build fail of cmake out source
 2022-04-07 16:21:43 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors 
Accessors to own CID within mbedtls_ssl_context
 2022-04-01 11:36:00 +02:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over 
Add mbedtls_ssl_is_handshake_over()
 2022-03-30 12:16:40 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export 
Add ECP keypair export function
 2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
 2022-03-29 15:34:12 +01:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
Przemek Stekiel
2076cbe511 Add function name to changelog 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-28 07:22:11 +02:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-23 21:40:53 +00:00
Paul Elliott
93ba3e3918 Add mbedtls_ssl_is_handshake_over() function 
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-22 22:47:49 +00:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Paul Elliott
a5bebc297b Add changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-21 15:27:25 +00:00
Przemek Stekiel
815af94905 Add ChangeLog file 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-18 15:10:31 +01:00
Ron Eldor
183264cb95 Fix shared library link error with cmake on Windows 
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-17 12:07:50 +00:00
Gilles Peskine
08622b6dc7 Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests 
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.

Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.

This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-16 13:54:25 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Przemek Stekiel
b38f797a24 Add change log entry for psa ECC key derivation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 14:12:34 +01:00
Jerry Yu
7599f3109a Update changelog entry 
Remove internal details. Add the condition of the bug.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-11 16:30:20 +08:00
Gilles Peskine
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing 
feat: MD: X.509 hashing
 2022-03-10 20:16:43 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Dave Rodgman
73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation 
Fix test md api violation
 2022-03-10 09:21:47 +00:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Jerry Yu
6dd2e34848 Add changelog entry 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-08 14:56:31 +08:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free 
Erase secrets in allocated memory before freeing said memory
 2022-03-07 17:04:04 +01:00
Tom Cosgrove
70245bee01 Add ChangeLog entry for fix to mbedtls_md_process() test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-04 16:48:49 +00:00
Andrzej Kurek
3475b26375 Add a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8 
build(msvc): always assume source files are in UTF-8
 2022-03-02 16:42:33 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93 Add changelog entry for zeroizing key buffers before freeing 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2022-02-25 16:53:11 +01:00
Andrzej Kurek
a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-25 04:36:40 -05:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8 
Fixes https://github.com/ARMmbed/mbedtls/issues/4205

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
 2022-02-23 23:13:09 +01:00
Gilles Peskine
9cb08822a1 Minor clarification 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private 
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71 New function to access the TLS version from a context as an enum 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
915896f03c Add accessor function from mbedtls_ssl_context to the configuration 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
69477b5706 Add a field for application data to TLS structures 
In structure types that are passed to user callbacks, add a field that the
library won't ever care about. The application can use this field to either
identify an instance of the structure with a handle, or store a pointer to
extra data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa 
Cleanup PSA-based ECDHE in TLS 1.2
 2022-02-15 09:09:07 +01:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
Ronald Cron
fb84e98fb4 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:44 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der 
Add accessor to get der from mbedtls_pem_context
 2022-02-10 23:56:57 +01:00
Glenn Strauss
a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation. 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:15 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-08 14:53:46 -05:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 15:19:26 +01:00
pespacek
7599a7744e X.509: use PSA for hashing under USE_PSA_CRYPTO 
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 11:27:42 +01:00
Manuel Pégourié-Gonnard
141be6cc7f Fix missing check on server-chosen curve 
We had this check in the non-PSA case, but it was missing in the PSA
case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys 
Swap the client and server random for TLS 1.3 f_export_keys
 2022-01-28 12:09:19 +00:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
Andrzej Kurek
76c185b0a3 Add a changelog entry regarding bugfixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-24 10:09:38 -05:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc 
mbedtls_pk_parse_key: don't allocate if not needed
 2022-01-24 10:03:48 +00:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes 
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-01-21 21:46:08 +01:00
Andrzej Kurek
ad40bb7f3f Add a changelog entry for forced MBEDTLS_PK_WRITE_C 
Describe why and when it is enabled automatically.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:48 -05:00
Andrzej Kurek
f2d4e275a8 Add a changelog entry for the ChaCha20 default behavior change 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat 
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
 2022-01-14 10:41:06 +01:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD 
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-07 19:36:07 +01:00
Max Fillinger
8737ec2407 Add ChangeLog entry for md_info getter 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2021-12-28 16:53:40 +01:00
Glenn Strauss
cee11296aa Reset dhm_P and dhm_G if config call repeated 
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2021-12-20 20:24:56 -05:00
Archana
4a9e02632a
Review comments addressed 
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 13:37:37 +05:30
Archana
21b20c72d3
Add Changelog and update documentation 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Ronald Cron
831cf48abf Assemble change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:38 +01:00
Ronald Cron
acf0df81f2 Add change log for #4842 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:02 +01:00
Ronald Cron
be252a0da9 Add change log for #4859 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 08:43:53 +01:00
Ronald Cron
7e1cb129e8 Add change log for #4514 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 08:41:32 +01:00
Ronald Cron
2a4344d1fa Add change log for #4883 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-14 18:11:45 +01:00
Dave Rodgman
a53779dba4 Add missing changelog for ARIA (#4959) 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
28e3bcf6e1 Fix misleading ChangeLog entry formatting. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
4e511ede90 Double-free goes under security, not bugfix. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-12-14 18:11:45 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 
Zeroize expected MAC/tag intermediate variables
 2021-12-13 19:09:30 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix 
Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:36 +01:00
Gilles Peskine
36d33f37b6 Generalize MAC zeroization changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:43:11 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac 
Check HMAC return values
 2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations 
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables 
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 14:59:45 +01:00
Gilles Peskine
c11192fcb2
Merge pull request #5290 from minosgalanakis/development 
Document platform architecture portability constraints
 2021-12-10 21:13:11 +01:00
Gilles Peskine
0ca219575a mbedtls_pk_parse_key: don't allocate if not needed 
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 17:36:37 +01:00
Minos Galanakis
c10086e33e changelog: Addressed review comments #6 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-10 15:52:54 +00:00
Ronald Cron
6aeda5305c Add change log for TLS 1.3 MVP 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:48:12 +01:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Manuel Pégourié-Gonnard
49c20954e4
Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog 
Add changelog entry for session copy bugfix
 2021-12-09 09:21:28 +01:00
David Horstmann
e217edf49c Add changelog entry for session copy bugfix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-12-08 13:32:59 +00:00
Manuel Pégourié-Gonnard
5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce 
psa: aead: Fix invalid output buffer usage in generate_nonce()
 2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv 
Avoid using encryption output buffer to pass generated IV to PSA driver
 2021-12-08 13:30:06 +01:00
Ronald Cron
0118627013 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:28:36 +01:00
Ronald Cron
6fd156aa6b Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:21:38 +01:00
Gilles Peskine
aa1e9857a5 Add changelog entry for build error fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-06 20:58:47 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters 
Additional cipher_info getters
 2021-12-03 17:21:51 +01:00
Paul Elliott
117282f25e Delete unneccesary changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-01 17:18:12 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl 
Fix test_suite_ssl compilation errors with GCC11
 2021-11-25 22:02:43 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04 
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-25 18:03:50 +00:00
Paul Elliott
472fd176a6 Fix Changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-24 17:45:43 +00:00
Paul Elliott
21c8fe5c6e Fix compilation errors. 
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950 
Fix GCM calculation with very long IV
 2021-11-22 22:22:37 +01:00
Paul Elliott
0b7d5a88d9 Make changelog more specific 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-18 22:39:16 +00:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:11 +01:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password 
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-11 19:26:37 +00:00
Max Fillinger
7568d1a238 Add Changelog entry for additional getters 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2021-11-10 15:12:04 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag 
PSA CCM*-no-tag
 2021-11-10 10:18:55 +01:00
Gilles Peskine
c756b5f9fa
Merge pull request #5126 from haampie/fix/DT_NEEDED_for_shared_libraries 
DT_NEEDED for shared builds in makefile
 2021-11-05 12:04:29 +01:00
Harmen Stoppels
3e636161ec Add changelog 
Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
 2021-11-05 09:32:05 +01:00
Gabor Mezei
77390dc8ec
Update changelog with the new public API 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-03 17:12:56 +01:00
Gilles Peskine
c323d4585f Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 15:51:20 +01:00
Mateusz Starzyk
5bc9bf7584 Add changelog entry for new PSA Crypto API macros. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-11-03 15:47:03 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt 
PSA: fix salt length for PSS verification
 2021-10-29 16:36:36 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0 
Remove on-target testing
 2021-10-29 09:33:34 +02:00
Gilles Peskine
d025422c28 Remove on-target testing 
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-27 11:45:57 +02:00
Mateusz Starzyk
812ef6b379 Fix ccm*-no-tag changelog entry 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-10-27 11:26:47 +02:00
Gilles Peskine
66c9b84f93 Fix typo in documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:15:20 +02:00
Gilles Peskine
680747b868 Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
66884e6dae Base64 range-based constant-flow code: changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation 
Remove output buffer limitation for PSA with GCM.
 2021-10-25 19:37:33 +02:00