yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29158 commits 1 branch 0 tags 94 MiB
Commit graph

1379 commits

Author SHA1 Message Date
Sarvesh Bodakhe
430a4f3968 rsa_signature: Use heap memory to allocate DER encoded RSA private key 
'mbedtls_pk_psa_rsa_sign_ext' function allocates a buffer of maximum
size 5679 bytes (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES) on the stack to store
DER encoded private key. This increased stack usage significantly for
RSA signature operations when MBEDTLS_PSA_CRYPTO_C is defined.

This issue was discovered when adding support for EAP-TLS 1.3 (rfc9190).

Signed-off-by: Sarvesh Bodakhe <sarvesh.bodakhe@espressif.com>
 2023-07-27 14:51:25 +05:30
Valerio Setti
dfed278218 changelog: fix errors/typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 10:57:55 +02:00
Gilles Peskine
7ef14bf8a2
Merge pull request #7835 from gilles-peskine-arm/ssl_premaster_secret-empty-3.4 
Fix empty union when TLS is disabled
 2023-07-27 08:28:21 +00:00
Valerio Setti
4b36c59d42 ChangeLog: improving descriptions of KEY_PAIR changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Manuel Pégourié-Gonnard
1c739ec277
Merge pull request #7900 from mpg/doc-driver-only 
ECPf wrap-up
 2023-07-26 10:25:54 +02:00
Gilles Peskine
5647d06be8
Merge pull request #7518 from gilles-peskine-arm/psa_inject_entropy-file-stability 
Fix and test MBEDTLS_PSA_INJECT_ENTROPY
 2023-07-21 17:37:15 +02:00
Gilles Peskine
2387bdab0f
Merge pull request #1038 from Mbed-TLS/development 
Merge development into development-restricted
 2023-07-21 15:40:36 +02:00
Thomas Daubney
8907815866 Added ChangeLog entry 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-07-18 18:29:46 +01:00
Ronald Cron
e501d0e71e Add change log and non-regression test 
Add change log and non-regression test
for CCM* with no tag not supported in
CCM only configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:53:20 +02:00
Marek Jansta
044a98aaa3 Updated changelog 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-07-12 17:15:38 +02:00
Dave Rodgman
f3e488ec40
Merge pull request #7216 from lpy4105/issue/6840/add-getters-for-some-fields 
Add getters for some fields
 2023-07-10 17:14:11 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem 
tls13: server: Fix spurious HRR
 2023-07-10 09:58:13 +02:00
Pengyu Lv
5a3f5f450c Add changelog entries 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 13:25:28 +08:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines 
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
 2023-07-07 17:01:57 +01:00
Manuel Pégourié-Gonnard
a787c0f986 Add Changelog for driver-only ECC so far 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-07 17:09:14 +02:00
Manuel Pégourié-Gonnard
d38ee855eb Add ChangeLog entry for PK_OPAQUE extensions 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-07 17:09:14 +02:00
Ronald Cron
c75ff730cd Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-07 15:53:34 +02:00
Andrzej Kurek
b8c784cdba Changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-07 09:05:41 -04:00
David Horstmann
2d3ba07bf4 Add ChangeLog entry for CMake config defines 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-07 11:25:40 +01:00
Dave Rodgman
1917ee7cd1
Merge pull request #7867 from gilles-peskine-arm/readme-python3.8 
Officially require Python 3.8
 2023-07-07 09:58:15 +01:00
Tom Cosgrove
836aed7cf8
Merge pull request #6003 from gstrauss/x509_time 
mbedtls_x509_time performance and reduce memory use
 2023-07-06 09:28:14 +01:00
Dave Rodgman
c8d81ad54d
Merge pull request #7784 from daverodgman/aesce-unroll 2023-07-04 18:41:13 +01:00
Kusumit Ghoderao
5168bd5f0f Add changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Gilles Peskine
958346917c Officially require Python 3.8 
Our code is still compatible with Python 3.5 at the time of writing, but we
don't want to commit to that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-03 17:59:37 +02:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes 
Fix AES dependencies - build TF-M config cleanly
 2023-07-03 16:49:00 +01:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Tom Cosgrove
c4a760c538
Merge pull request #7849 from davidhorstmann-arm/fix-string-to-names-retcode 
Fix false success return code in `mbedtls_x509_string_to_names()`
 2023-06-30 14:28:29 +01:00
Dave Rodgman
c23d2222ea
Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix 
Fix crypt_and_hash decrypt issue when used with stream cipher
 2023-06-30 11:42:35 +01:00
Dave Rodgman
90282149fa fix trailing whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:29:27 +01:00
Dave Rodgman
6bed2dabc1 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 10:00:23 +01:00
David Horstmann
582b7cf0d4 Add ChangeLog entry for string_to_names() fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 15:38:02 +01:00
Dave Rodgman
9f4fd28eff
Merge pull request #7808 from daverodgman/fix-ct-compile-warning 
Fix for arm64_32 (aka ILP32) on Clang
 2023-06-27 15:23:14 +01:00
Gilles Peskine
e8e1e157cb Fix empty union when TLS is disabled 
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-25 21:41:58 +02:00
Dave Rodgman
140fa15a7f Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-21 12:36:52 +01:00
Dave Rodgman
517e891e55 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-21 11:16:42 +01:00
Gilles Peskine
fd235bc9df Fix very high stack usage in SSL debug code 
Use a switch instead of an array. The array was very hollow for some enum
types such as mbedtls_ssl_protocol_version (which formerly used small
values, but switched to using the protocol encoding as enum values in Mbed
TLS 3.2.0). Optimizing compilers know how to compile a switch into a lookup
table when the range warrants it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-20 17:48:18 +02:00
Marek Jansta
8bde649c0b Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-06-19 12:49:27 +02:00
Dave Rodgman
418843ed64 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-16 15:27:23 +01:00
Valerio Setti
01951f01ad changelog: added entries for explaining changes of this PR 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes 
PBKDF2: Output bytes
 2023-06-16 10:08:02 +02:00
Dave Rodgman
3650a60586 Update changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 18:56:15 +01:00
Gilles Peskine
8c2f18dac2
Merge pull request #7738 from davidhorstmann-arm/fix-iar-typo 
Fix typo in CMakeList.txt in IAR compiler flags
 2023-06-15 19:24:00 +02:00
David Horstmann
ff4b6a8d18 Reword changelog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-15 14:08:19 +01:00
Dave Rodgman
2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf 
AES perf improvements
 2023-06-15 12:10:06 +01:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Gilles Peskine
6966141561 Changelog entry for the MBEDTLS_CIPHER_BLKSIZE_MAX deprecation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
SlugFiller
daa363b4d3
Add changelog entry 
Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com>
 2023-06-14 05:42:12 +03:00
Waleed Elmelegy
3bc6feae89 Add crypt_and_hash decrypt issue to Changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-06-12 17:37:23 +01:00
Dave Rodgman
12d89741bf Improve phrasing 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-11 16:29:54 +01:00
Dave Rodgman
5a46dfae2c Changelog for SHA-384 max block size bug 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-11 16:23:02 +01:00
Dave Rodgman
0e22597871 Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 17:23:20 +01:00
Glenn Strauss
4b2a6e8df3 Reuse time when verifying certificate chain 
Replace mbedtls_x509_time_is_past(), mbedtls_x509_time_is_future()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-06-09 17:01:03 +01:00
Glenn Strauss
416dc03467 mbedtls_x509_time_cmp() compare mbedtls_x509_time 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-06-09 17:01:03 +01:00
Tom Cosgrove
ef2aa0ecad Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c 
If we're built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
way to detect the crypto extensions required, the code turns off _IF_PRESENT
and falls back to C only (with a warning). This was done after the attributes
are pushed, and the pop is done only #if defined(xxx_IF_PRESENT), so this
commit fixes that.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-06-09 11:29:50 +01:00
Gilles Peskine
95b43a04a9
Merge pull request #7651 from daverodgman/fix-armclang-compile-fail 
Fix armclang compile fail
 2023-06-08 14:36:18 +02:00
Kusumit Ghoderao
e5dd11164a Edit changelog 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:43:32 +05:30
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Dave Rodgman
cf4d2bdc09 Spell as SHA-3 not SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:08:09 +01:00
Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string 
Parse an OID from a string
 2023-06-06 20:57:17 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
f0d5df0c88 Add changelog entry (FFDH in TLS 1.3) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Kusumit Ghoderao
354434c466 Add changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:47 +05:30
Gilles Peskine
5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification 
Add partial support for URI SubjectAltNames verification
 2023-06-05 16:46:47 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans 
Add a possibility to generate certificates with a Subject Alternative Name
 2023-06-05 15:38:38 +02:00
Dave Rodgman
4db4d6b9b0 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-04 20:41:24 -04:00
Dave Rodgman
49bd1f2cb2 Fix spelling in Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-02 10:31:49 -04:00
Manuel Pégourié-Gonnard
0b68784053
Merge pull request #7577 from mprse/ffdh_drivers 
FFDH 3b: add driver testing (no TLS 1.3)
 2023-06-01 10:26:08 +02:00
David Horstmann
57b5d22a9e Reword ChangeLog entry for consistency 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-05-31 14:36:41 +01:00
Robin Kastberg
925c9b826d
Create bugfix_iar_typo.txt 
Changelog entry

Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
 2023-05-26 16:06:44 +02:00
Dave Rodgman
1ae50aebb9 Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-25 09:46:34 +01:00
Dave Rodgman
a1f51c213c Fix Changelog formatting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-24 13:02:18 +01:00
Dave Rodgman
a55e12c525 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-24 12:15:26 +01:00
Dave Rodgman
b19b63a639 Changelog update 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-22 19:56:03 +01:00
Dave Rodgman
0805ad10b2 XOR perf improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-19 11:48:10 +01:00
Andrzej Kurek
1bc7df2540 Add documentation and a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Tom Cosgrove
6d62faca8e Only include psa_pake_setup() and friends if some PAKE algorithms are required 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-05-12 12:36:24 +01:00
Przemek Stekiel
ea52e1a43f Add changelog entry (FFDH driver dispatch) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-05-11 12:23:12 +02:00
Andrzej Kurek
199eab97e7 Add partial support for URI SubjectAltNames 
Only exact matching without normalization is supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-10 09:57:19 -04:00
Yanray Wang
463351d824 ChangeLog: remove issue number as this is a new feature 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-10 18:10:03 +08:00
Yanray Wang
a30c72fc44 rewrite ChangeLog 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-10 10:13:39 +08:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids 
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
 2023-05-08 20:38:29 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-05-05 16:01:18 +02:00
Yanray Wang
d9bf370fbe add ChangeLog entry 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 16:28:35 +08:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys 
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
 2023-05-04 13:01:47 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1 
Fix the JPAKE driver interface for user+peer
 2023-05-02 20:42:25 +02:00
Gilles Peskine
672a771227 Fix a build error when MBEDTLS_PSA_INJECT_ENTROPY is enabled 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-28 21:00:28 +02:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs 
Init PSA in ssl and x509 programs
 2023-04-28 12:49:11 +02:00
JonathanWitthoeft
2a878a85a6
Adjust ChangeLog 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-04-26 19:00:46 -05:00
JonathanWitthoeft
9b265180cc
Make mbedtls_ecdsa_can_do definition unconditional 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-04-26 16:09:28 -05:00
David Horstmann
b6ff8a2c4b Add ChangeLog entry for string-to-OID parsing 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-04-26 12:10:36 +01:00
Przemek Stekiel
6cec5e9d9e Add changelog entry (PSA initialization in sample programs) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 08:03:30 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip 
x509 SAN IP parsing
 2023-04-21 22:00:58 +02:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function 
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
 2023-04-17 15:41:25 +02:00
harshal.patil
8c77644906 ecdsa: fix -missing-prototypes warning when MBEDTLS_ECDSA_SIGN_ALT is defined 
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
  only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.

Signed-off-by: harshal.patil <harshal.patil@espressif.com>
 2023-04-17 12:53:00 +05:30
Eugene K
3208b0b391 add IP SAN tests changes per mbedTLS standards 
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
 2023-04-11 08:29:42 -04:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing 
Add missing md.h includes
 2023-04-11 09:32:17 +02:00
Ronald Cron
4d31496294 Update TLS 1.3 documentation and add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Andrzej Kurek
468a99ed0b Add a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-06 03:04:15 -04:00
toth92g
d96027acd2 Correcting documentation issues: 
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622 
Some MAX_SIZE macros are too small when PSA ECC is accelerated
 2023-04-03 16:23:27 +02:00
Valerio Setti
3a3a756431 adding missing newline at the end of changelog file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 10:55:29 +02:00
Valerio Setti
0a7ff791a6 add Changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 09:18:41 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function 
Add milliseconds platform time function
 2023-03-31 11:47:37 +01:00
Andrzej Kurek
9fa1d25aeb Add changelog entry for directoryname SAN 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:38:47 -04:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback 
Mbed TLS 3.4.0
 2023-03-27 18:09:49 +01:00
Manuel Pégourié-Gonnard
a71594538f Add a ChangeLog entry for driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:44:59 +01:00
Przemek Stekiel
ebfeb172ee Add change log entry (j-pake user/peer accept any values) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 13:37:18 +01:00
Paul Elliott
dbe435cda0 Assemble Changelog for 3.4.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-23 10:46:10 +00:00
Tom Cosgrove
4903139bc4 Add security entry to ChangeLog for AES-NI 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-22 17:43:40 +00:00
Tom Cosgrove
a9c58584be Add security entry to ChangeLog for AES-CE 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-22 17:42:17 +00:00
Paul Elliott
e214827347 Add TLS1.2 Opaque ECJPAKE changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-22 15:03:32 +00:00
Valerio Setti
89029e7366 changelog: fix description for ECDH changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:48:34 +01:00
Valerio Setti
8427b56d71 added changelog for accelerated ECDH changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:48:34 +01:00
Paul Elliott
1b5957165a Add Changelog for PSA to Mbed TLS error translation unification 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 16:38:31 +00:00
Tom Cosgrove
c4d759b697 Update AESCE changelog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-21 16:31:18 +00:00
Tom Cosgrove
dcc0ee1a1e Update changelog entry, splitting into two sections 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-21 15:52:20 +00:00
Jerry Yu
8d3fa9bd7b Add changelog entry for #6932 and #7203 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-21 15:52:08 +00:00
Paul Elliott
3201f56952 Rename misnamed changelog entries 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:46:33 +00:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:35:17 +00:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID 
RSA: provide interface to retrieve padding mode and hash_id
 2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics 
Implement AESNI with intrinsics
 2023-03-20 18:20:51 +00:00
Manuel Pégourié-Gonnard
e9a60224fd Add ChangeLog entry for driver-only EC J-PAKE 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-20 10:03:55 +01:00
Yanray Wang
b46ccf235c fix line length of ChangeLog 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-20 12:41:10 +08:00
Dave Rodgman
f992e6fe38 Changelog for AESCE support 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-17 17:52:38 +00:00
Dave Rodgman
8a7ed6951d Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-17 18:58:11 +08:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san 
Added ability to include the SubjectAltName extension to a CSR - v.2
 2023-03-17 10:07:27 +00:00
Gilles Peskine
74b4223c81 Announce the expanded AESNI support 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 17:50:15 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix 
Fix segfault in mbedtls_oid_get_numeric_string
 2023-03-16 12:21:36 +00:00
Demi Marie Obenour
889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string 
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-03-16 01:06:41 -04:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Janos Follath
0086f8626a Add changelog entry 
PR7083 silently fixed a security vulnerability in public, this commit
adds a changelog entry for it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-15 13:31:48 +00:00
Dave Rodgman
a94c90d30d
Merge pull request #7282 from gilles-peskine-arm/changelog-6567-psa_key_derivation_abort-no-other_secret 
Add changelog entry for a bug in non-PAKE code fixed during PAKE work
 2023-03-15 09:27:33 +00:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user 
EC J-PAKE: partial fix for role vs user+peer
 2023-03-15 09:37:30 +01:00
Pengyu Lv
db47f2fbd4 Add changelog entry for new API 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-15 15:01:36 +08:00
Gilles Peskine
51b2868f3c Add changelog entry for a bug in non-PAKE code fixed during PAKE work 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-14 21:41:54 +01:00
Gilles Peskine
215ecd0439
Merge pull request #7252 from daverodgman/enable_pkcs7 
Enable PKCS 7
 2023-03-14 10:39:50 +01:00
Paul Elliott
e4622a3436 Merge remote-tracking branch 'development/development' into development-restricted 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-13 17:49:32 +00:00
Przemek Stekiel
a11c1d141e Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-13 16:21:40 +01:00
Dave Rodgman
756b028511
Merge pull request #7171 from daverodgman/pr5527 
Fix undefined behavior in ssl_read if buf parameter is NULL
 2023-03-13 10:46:29 +00:00
Jerry Yu
3373ccaa18 Update changelog 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-13 11:39:43 +08:00
Przemek Stekiel
8b429ba414 Add change log entry (EC j-pake driver dispatch) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:28 +01:00
Przemek Stekiel
9cc1786e46 Add chenage log entry for j-pake user/peer partial fix 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:20 +01:00
Dave Rodgman
957cc36be9 Improve wording; use PKCS #7 not PKCS7 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306 Apply suggestions from code review 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
d12b592bc1 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard
c2495f78e6 Add a ChangeLog entry for driver-only ECDSA 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:16 +01:00
Przemek Stekiel
89e268dfb9 Add change log entry (SubjectAltName extension in CSR) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform 
Use platform-provided secure zeroization
 2023-03-06 09:16:12 +00:00
Pol Henarejos
f61d6c0a2b
Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Jerry Yu
8049346989 Add change log entry for mbedtls_ms_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-03 11:19:07 +08:00
Gilles Peskine
cc29bfd92a Bug fixes from the split of ssl_handle_hs_message_post_handshake 
The split of ssl_handle_hs_message_post_handshake() into
ssl_tls12_handle_hs_message_post_handshake() and
ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs.
Add a changelog entry for those bugs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 19:49:58 +01:00
Dave Rodgman
dd4427cc5b
Merge pull request #7169 from AndrzejKurek/mpi-window-size 
Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2
 2023-02-27 17:12:38 +00:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name 
Add parsing of x509 RFC822 name + test
 2023-02-27 14:16:13 +00:00
Dave Rodgman
bf0597f804 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 17:45:41 +00:00
Dave Rodgman
fd8929cfd1 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 15:57:30 +00:00
Ashley Duncan
88240e769f Added changelog entry. 
Signed-off-by: Ashley Duncan <ashley.duncan@evnex.com>
 2023-02-24 15:57:30 +00:00
Andrzej Kurek
86f30ff626 Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-24 07:51:21 -05:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty 
Pacify Clang 15 about empty \retval
 2023-02-24 09:10:53 +00:00
Gilles Peskine
b1176f2583 Allow alternative names for overridden PSA headers 
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-22 22:07:28 +01:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug 
Fix bugs in OID to string conversion
 2023-02-21 23:16:44 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle 
Implement PSA interruptible sign/verify hash
 2023-02-21 15:13:34 +01:00
Ronald Cron
d89360b87b Fix and improve documentation, comments and logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-21 14:57:25 +01:00
Przemek Stekiel
d7820b7026 Add change log entry: SAN rfc822Name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Ronald Cron
675d97d42e Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san 
Add the uniformResourceIdentifier subtype for the subjectAltName
 2023-02-20 11:29:59 +01:00
Paul Elliott
e04e15b766 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
David Horstmann
21b8387929 Add ChangeLog for OID-to-string fixes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 13:07:49 +00:00
Gilles Peskine
4386cf188d Changelog entry for pacifying clang -Wdocumentation about \retval 
Fixes #6960

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-14 19:26:56 +01:00
Paul Elliott
1748de160a Fix IAR Warnings 
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-13 15:35:35 +00:00
Andrzej Kurek
3e8f65a7e2 Add a changelog entry for URI SAN parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:21:20 -05:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public 
Make the fields of mbedtls_pk_rsassa_pss_options public
 2023-02-10 15:08:06 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev 
X.509: Fix bug in SAN parsing and enhance negative testing
 2023-02-10 15:05:32 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc 
Switch to the new coding style: documentation
 2023-02-10 10:05:27 +01:00
Pol Henarejos
4e747337ee
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-07 19:55:31 +01:00
Hanno Becker
dc0e8b92f8 Add a ChangeLog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements 
Minor improvements to `c_build_helper.py`
 2023-02-07 10:25:59 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Gilles Peskine
34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public 
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-02 23:06:37 +01:00
Aditya Deshpande
3b18a29c13 Amend changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-02 09:06:00 +00:00
David Horstmann
a43e332fe4 Fix near-tautological repetition in ChangeLog 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-01 13:39:57 +00:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum 
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
 2023-02-01 11:36:25 +01:00
Aaron M. Ucko
a2b674f9a7 Simplify ChangeLog entry for mbedtls_mpi_sub_abs fix. 
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
 2023-01-31 15:31:18 -05:00
Aditya Deshpande
d05aa0fc60 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 17:22:07 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
David Horstmann
6fcc77cf5e Add ChangeLog for c_build_helper improvements 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-27 19:53:49 +00:00
Przemek Stekiel
3022370896 Add changelog entry for V3 extensions in CSR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-27 16:06:08 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
 2023-01-27 10:05:00 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Dave Rodgman
fd09b31011 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-20 11:41:43 +00:00
Gilles Peskine
bb3814c7a8 Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS 
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.

This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:23 +01:00
Gilles Peskine
ecaa7ca507 Add missing supported algorithm to psa/crypto_config.h 
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:18 +01:00
Aaron M. Ucko
af67d2c1cf mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701). 
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).

Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
 2023-01-17 11:52:22 -05:00
Gilles Peskine
12f4122068 Announce coding style change in the changelog 
It doesn't affect users, but it affects some other external consumers of the
library.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-13 12:04:14 +01:00
Valerio Setti
791bbe629d programs: improved cert_write serial management 
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00
Valerio Setti
ea19d2db73 changelog: fixed typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
903b6aa87d Changelog: list changes in x509write_crt module 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Dave Rodgman
05bdb13be3 Update README and add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-11 18:56:11 +00:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail 
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
 2023-01-11 09:05:36 +01:00
Gilles Peskine
f9c8d76db6
Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script 
Make generate_errors.pl handle directory names containing spaces when opening files
 2023-01-10 22:09:58 +01:00
Dave Rodgman
bbbd803c2e Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-10 10:08:12 +00:00
Thomas Daubney
1efe4a874d Add ChangeLog entry 
Add ChangeLog entry documenting bugfix.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-01-10 09:35:39 +00:00
Jerry Yu
3e60cada5d Improve comment and changlog 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-10 14:58:08 +08:00
Jerry Yu
99e902f479 Add changlog entry. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-07 20:20:35 +08:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702 
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
 2023-01-03 09:36:58 +01:00
Valerio Setti
62e1ebbbc7 changelog: fix text error 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-28 13:28:42 +01:00
Valerio Setti
fe6c19b69c added changelog file for PR #6784 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 15:05:27 +01:00
Manuel Pégourié-Gonnard
2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y 
mbedtls_ecp_point_read_binary from compressed fmt
 2022-12-22 10:20:31 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday 
Fix gettimeofday overflow
 2022-12-20 16:01:53 +00:00
Dave Rodgman
327b69c8a2 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-20 13:16:34 +00:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa 
Document ECP_RESTARTABLE and make it compatible with USE_PSA
 2022-12-15 19:47:44 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 
Merge back 3.3.0 3
 2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir 
Install CMake files in MbedTLS dir
 2022-12-14 10:30:52 +01:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned 
Fast unaligned memory access macros
 2022-12-12 12:18:17 +01:00
Dave Rodgman
852191e0b5 Improve Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-09 14:24:33 +00:00
Manuel Pégourié-Gonnard
67bad73e87 Add a ChangeLog entry for the ECDSA deterministic change 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:34 +01:00
Dave Rodgman
69591e9207 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 14:59:54 +00:00
Dave Rodgman
a5b2c52885 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr 2022-12-08 14:10:59 +00:00
Dave Rodgman
b74aa5a224 Add Changelog for Arm compile fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 13:43:08 +00:00
Dave Rodgman
98be95563d
Merge pull request #6689 from gilles-peskine-arm/changelog-20221129-pre-3.3 
Changelog improvements for 3.3
 2022-12-06 13:37:24 +00:00
Gilles Peskine
77d3057c6d More grammar fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-06 11:25:09 +01:00
Dave Rodgman
acbb6dc364 Merge remote-tracking branch 'origin/development' into merge-dev 2022-12-05 10:59:23 +00:00
Issam E. Maghni
760f3a0a48 Install CMake files in MbedTLS dir 
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.

I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.

Here are some examples of projects using directories:
 - https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
 - https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
 - https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
 - https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
 2022-12-04 03:00:38 +00:00
Gilles Peskine
cf0074b2c8 More wording improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
afb15206b5 Wording clarification 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
f3cc9d925f Improve "codegen 1.1" entry 
"version 1.1 of #5137" is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.

Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
723bee67b2 Wrap lines to 79 columns max 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
5ba1697e8a Put behavior change in the correct category 
"Changes" is for miscellaneous stuff that doesn't affect backward
compatibility.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
6593c7e1cb Clarify PSS sigalg entry 
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
29a56a1251 Clarify ASN.1 entry named data free functions 
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
6d069afe6b Clarify that these two entries are about CMake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine
20c1f03dd5 Improve wording, punctuation, etc. 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:47 +01:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:32:23 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement 
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
 2022-12-01 11:40:52 +00:00
Dave Rodgman
7f62f36f82 Add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 09:44:31 +00:00
Aditya Deshpande
5484e96117 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-30 15:56:42 +00:00
Gilles Peskine
787c79dc1a Remove changelog entry for an internal change 
We removed internal code left over after removing a feature in Mbed TLS 3.0.
The removal of the internal code is not user-visible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 22:27:03 +01:00
Gilles Peskine
d622c7de56 Changelog entry files must have a .txt extension 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 22:18:05 +01:00
Manuel Pégourié-Gonnard
37d41c79b8 Add ChangeLog entry for DTLS Connection ID 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-29 10:20:15 +01:00
Andrzej Kurek
a6ab9d8b12 Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-11-28 03:55:27 -05:00
Gilles Peskine
898db6b8e5 Move ssl_debug_helpers_generated to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:15:32 +01:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164 
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
 2022-11-25 10:55:10 +00:00
Bence Szépkúti
12269e27b1 Add changelog for PKCS7 parser 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-11-25 05:51:40 +01:00
Manuel Pégourié-Gonnard
fecc6b2fe4 Minor tune-up to ChangeLog & documentation 
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-24 09:40:12 +01:00
Gilles Peskine
42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 14:16:52 +01:00