TRodziewicz
c1c479fbe9
Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 00:53:22 +02:00
Gilles Peskine
275b9b2ef4
Merge pull request #4402 from mpg/migration-guide-3.0
...
Migration guide for 3.0
2021-05-05 14:30:39 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites
...
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
2021-05-04 17:20:36 +02:00
Ronald Cron
d5d04962ef
Add change log and migration guide
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-04 15:59:10 +02:00
Manuel Pégourié-Gonnard
759f551010
Add a missing ChangeLog entry
...
Was missed in https://github.com/ARMmbed/mbedtls/pull/4324
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 11:35:08 +02:00
Gilles Peskine
59d97a16d6
Merge pull request #4437 from gilles-peskine-arm/aes2crypt-removal-2.x
...
Remove the sample program aescrypt2
2021-04-30 11:15:22 +02:00
TRodziewicz
85dfc4de20
Applying current changes
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743
Remove deprecated functions and constants.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Ronald Cron
1a85d3b122
Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt
...
Allow CMAC self-test to skip tests for unsupported primitives (2)
2021-04-29 16:04:39 +02:00
Gilles Peskine
85f023b007
Merge pull request #3950 from gilles-peskine-arm/dhm_min_bitlen-bits
...
Enforce dhm_min_bitlen exactly
2021-04-29 14:55:30 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
...
Reduce ROM usage due to X.509 info
2021-04-28 17:31:55 +01:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development
...
Add macro to check error code additions/combinations
2021-04-28 16:47:29 +02:00
Tomasz Rodziewicz
e66f49c3ce
Merge branch 'development_3.0' into change_config_h_defaults
2021-04-28 16:37:27 +02:00
Gilles Peskine
98b3cd6b23
Remove the sample program aescrypt2
...
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.
Fix #1906
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-28 15:57:30 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size
...
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 13:30:40 +02:00
Bence Szépkúti
da95ef9ae0
Remove PSA AEAD output size compatibility macros
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-28 10:01:20 +02:00
Ronald Cron
3e7481e6a2
Merge pull request #4219 from stevew817/fix_missing_parenthesis
...
Add missing parenthesis when MBEDTLS_ECP_NORMALIZE_MXZ_ALT is declared
@mpg comment has been addressed thus this can be merged.
2021-04-28 08:35:00 +02:00
Hanno Becker
54dcf5e6c9
Add ChangeLog entry
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Dave Rodgman
0c37b4f826
Improve changelog entry for #4217
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-27 17:01:24 +01:00
Bence Szépkúti
58d8518eb1
Update changelog
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-27 04:41:43 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
...
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
TRodziewicz
87bfa20f1c
Removing trailing space from ChangeLog file
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-26 20:08:53 +02:00
Dave Rodgman
10ba553c2e
Update Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-26 16:23:22 +01:00
Dave Rodgman
ddb8ea6847
Fix Changelog entry
...
Rename a Changelog.d file, so that it gets picked up as expected by
scripts/assemble_changelog.py.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-26 16:23:21 +01:00
Dave Rodgman
a00e8502c9
Documentation updates for Mbed TLS 3.0
...
Update documentation to reflect the branch changes.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-26 16:23:21 +01:00
TRodziewicz
ede3085563
Add ChangeLog file and fix comment in config.h
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-26 15:44:25 +02:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys
...
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
2021-04-23 09:40:31 +02:00
Steven Cooreman
894b9c4635
Add documentation for change in CMAC self-test behaviour
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-23 08:19:43 +02:00
Tomasz Rodziewicz
9a97a13d3e
Merge branch 'development_3.0' into remove_depr_error_codes
2021-04-22 12:53:15 +02:00
Manuel Pégourié-Gonnard
f6b677ea98
Merge pull request #4349 from mpg/apply-4334-3.0
...
Apply 4334 to development-3.0
2021-04-22 12:42:40 +02:00
Tomasz Rodziewicz
7bdbc45275
Update issue4283.txt
...
Corrections in the ChangeLog file after a review.
2021-04-21 16:50:15 +02:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes
2021-04-21 12:31:43 +02:00
Mateusz Starzyk
f9c7b3eb11
Remove PKCS#11 library wrapper.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-21 11:05:00 +02:00
Manuel Pégourié-Gonnard
1cc91e7475
Merge pull request #4366 from gilles-peskine-arm/development_3.0-merge_2.x-20210419
...
Merge development 2.x into 3.0 (Apr 19)
2021-04-19 13:08:48 +02:00
Manuel Pégourié-Gonnard
16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h
...
Remove deprecated things from crypto_compat.h and dependent tests.
2021-04-19 10:55:21 +02:00
Gilles Peskine
ee259130e4
Merge branch 'development' into development_3.0
...
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
with scripts/generate_visualc_files.pl.
2021-04-19 10:51:59 +02:00
Manuel Pégourié-Gonnard
0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix
...
Fix ECDSA failing when the hash is all-bits-zero
2021-04-19 09:54:12 +02:00
Mateusz Starzyk
bf4c4f9cd5
Reword changelog entry for removal of SHA-1
...
from the default TLS configuration.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
Mateusz Starzyk
a58625f90d
Remove optional SHA-1 in the default TLS configuration.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
Mateusz Starzyk
a17fb8eac8
Fix line lenghts in changelog entry for removal of old TLS features.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 10:32:17 +02:00
Gilles Peskine
295fc13ef3
Split mbedtls_gcm_update_ad out of mbedtls_gcm_starts
...
The GCM interface now has separate functions to start the operation
and to pass the associated data.
This is in preparation for allowing the associated data to be passed
in chunks with repeatated calls to mbedtls_gcm_update_ad().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 21:34:33 +02:00
Gilles Peskine
a56c448636
Add output length parameters to mbedtls_gcm_update
...
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output length parameter to
mbedtls_gcm_update() to allow such implementations to delay the output
of partial blocks. With the software implementation, there is no such
delay.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 21:34:33 +02:00
Gilles Peskine
9461e45a17
Add output parameter to mbedtls_gcm_finish
...
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output parameter to
mbedtls_gcm_finish() to allow such implementations to pass the final
partial block back to the caller. With the software implementation,
this final output is always empty.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 18:41:38 +02:00
Gilles Peskine
441907ec30
Remove alignment requirement for mbedtls_gcm_update: documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 18:41:38 +02:00
Bence Szépkúti
8072db2fcb
Add changelog
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Steven Cooreman
5be864f645
Add changelog for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Mateusz Starzyk
c301bd56f0
Merge branch 'development_3.0' into drop_old_tls_options
2021-04-15 13:55:20 +02:00
Mateusz Starzyk
4222682672
Uniformize ChangeLog entries.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-15 13:34:04 +02:00
TRodziewicz
720b659ea1
Changelog added
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-15 12:35:05 +02:00
Manuel Pégourié-Gonnard
247745ffc4
Revert "Changelog added"
...
This reverts commit 0961e3db49
.
This was merged by mistake in development instead of development_3.0.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:27:04 +02:00
Chris Jones
fdb588b3a7
Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der
...
An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.
Apply the same fix from ae3741e8a
to fix the bug.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-15 11:19:56 +01:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
...
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
TRodziewicz
06fe88e672
Changelog added.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 23:22:25 +02:00
TRodziewicz
29fd277f36
New line added at the end of the Changelog file.
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 18:13:02 +02:00
TRodziewicz
53423c097e
Changelog added
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 16:27:43 +02:00
TRodziewicz
0961e3db49
Changelog added
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 17:19:43 +02:00
Gilles Peskine
8f28c24b4a
Explain the problem in more concrete terms
...
Don't try to make the reader guess what a “negative zero” might mean.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 20:20:26 +02:00
Gilles Peskine
fd4fab0b24
mbedtls_mpi_read_string("-0") no longer produces a "negative zero"
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 17:13:15 +02:00
TRodziewicz
40de3c99c0
Fix Changelog, add separate test functions for hash of all-zero bits
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:16:18 +02:00
Dave Rodgman
bd069163be
Fix line lengths in changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 16:38:31 +01:00
Dave Rodgman
73e3e2cb1a
Merge remote-tracking branch 'origin/development' into development_new
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Conflicts:
include/mbedtls/check_config.h: nearby edits
library/entropy.c: nearby edits
programs/random/gen_random_havege.c: modification vs. removal
programs/ssl/ssl_test_lib.h: nearby edits
programs/test/cpp_dummy_build.cpp: nearby edits
visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
...
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
TRodziewicz
5feb6702dd
Fix the Changelog and extend tests to cover the hash of all-bits zero
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-06 19:56:42 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
...
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Ronald Cron
602f986511
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:55:04 +02:00
Gilles Peskine
e8a2fc8461
Enforce dhm_min_bitlen exactly, not just the byte size
...
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:20:03 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
...
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Maulik Patel
f41be14269
Add Change log entry for bug fix.
...
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-04-01 10:01:32 +01:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
...
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
Steven Cooreman
a71e369f2d
Add changelog entry for #4217
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-29 15:46:55 +02:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers
...
Unify internal headers in library/
2021-03-29 11:18:54 +02:00
Chris Jones
8d2bc90b4e
Add changelog entry for alt implementors
...
Files available for use by alt implementations have been moved and renamed
so alt implementators should be told about the changes specific to them.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-19 15:17:23 +00:00
Chris Jones
d02f4c2e44
Reword move_internal_headers changelog entry
...
Reword the changelog entry to tailor it for users of the library as
opposed to developers of the library.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-19 15:15:18 +00:00
TRodziewicz
782a7eab14
ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-03-17 11:36:31 +01:00
Mateusz Starzyk
1aec64642c
Remove certs module from mbedtls.
...
Certs will be used only by tests and programs.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272
Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
7e37338dda
Drop single-DES ciphersuites.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e
Drop support for RC4 TLS ciphersuites.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d
Drop support for TLS record-level compression.
...
Remove option MBEDTLS_ZLIB_SUPPORT.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560
Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839
Drop support for SSLv3.
...
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:05 +01:00
Ryan LaPointe
59244e87e1
Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
...
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:08 -04:00
Mateusz Starzyk
9e9ca1a738
Drop support for parsing SSLv2 ClientHello.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-15 11:40:28 +01:00
Dave Rodgman
e483a77c85
Merge pull request #816 from ARMmbed/development
...
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Chris Jones
ca38fabf0c
Add move_internal_headers changelog
...
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-12 09:57:26 +00:00
Paul Elliott
9907e2c334
Improve wording of ChangeLog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:14:10 +00:00
Paul Elliott
3949065aef
Fix incorrect case in changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
6f21e11265
Add Changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
paul-elliott-arm
0135516d55
Merge pull request #4203 from paul-elliott-arm/memsan_fix_build
...
Fix memsan build with Clang 11
2021-03-09 16:31:31 +00:00
Dave Rodgman
74755e484c
Update Changelog for 2.26.0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:35:44 +00:00
Dave Rodgman
b4fe1053e4
Add missing changelog entry
...
Add missing changelog entry for 3698: Mark basic constraints critical
as appropriate.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:34:24 +00:00
Dave Rodgman
2d83ac100d
Add a missing changelog entry
...
Add a missing changelog entry for #3996 : Allow loading external wrapped
keys.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:34:16 +00:00
Dave Rodgman
5cce6a24d0
Merge branch 'development-restricted' into mbedtls-2.26.0-rc
2021-03-08 17:01:24 +00:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
...
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Paul Elliott
fb91a48616
Fix memsan build with clang 11
...
Memsan build was reporting a false positive use of uninitialised memory
in x509_crt.c on a struct filled by an _stat function call. According to
the man pages, the element reported has to be filled in by the call, so
to be safe, and keep memsan happy, zero the struct first.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-05 14:24:03 +00:00
TRodziewicz
9edff740e1
Fix EC J-PAKE failing when the payload is all-bits-zero
...
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met.
Fix #1792
Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
2021-03-04 18:19:48 +01:00
Paul Elliott
a5dce14291
Fixup changelog formatting
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:24:57 +00:00
Mateusz Starzyk
7d48b28218
Remove 1.3 to 2.0 transition helpers files.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-03 11:00:34 +01:00
Steven Cooreman
7de9e2db1f
Language / verbiage fixes
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c
Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b
rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4
Style and language updates after review
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce
Add support for minimum-tag-length AEAD and MAC policies
...
Includes tests.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine
ddf4374879
Fix stack buffer overflow in net functions with large file descriptor
...
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.
Fix #4169
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Paul Elliott
b4e4bfdd00
Add Changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-25 10:47:56 +00:00
Gilles Peskine
b15832160b
Make entropy double-free work
...
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).
Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine
4337a9cb18
Document mutex usage for RSA
...
The mutex is now initialized iff ver != 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
1226ecef01
Changelog entry for RSA mutex usage fix
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
71edf749e1
Changelog entry for DRBG mutex usage fix
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman
d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
...
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine
d548d964db
Clarify where mbedtls_psa_get_random might be useful
...
Also fix some typos.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine
e3ed802138
Expose mbedtls_psa_get_random()
...
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine
bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
...
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Manuel Pégourié-Gonnard
baf4fc8c87
Merge pull request #4115 from mstarzyk-mobica/const_changelog
...
Add changelog for applying missing const attributes to the API.
2021-02-16 10:46:17 +01:00
Manuel Pégourié-Gonnard
495ef98b24
Merge pull request #3976 from devnexen/fbsd_dfly_upd
...
Implements getrandom's wrapper for handful of BSD.
2021-02-16 09:41:55 +01:00
Steven Cooreman
863470a5f9
Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
David Carlier
4971c3fce7
Changelog entry.
...
Signed-off-by: David Carlier <devnexen@gmail.com>
2021-02-15 13:13:13 +00:00
Steven Cooreman
7976574f82
Allow tweaking PSA_KEY_SLOT_COUNT
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 13:58:27 +01:00
Gilles Peskine
59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak
...
Fix memory leak in error case in psa_crypto
2021-02-15 11:38:13 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
...
Psa crypto client
2021-02-15 10:46:35 +01:00
Paul Elliott
d17062e6bf
Correct english in changelog.
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-12 14:48:16 +00:00
Mateusz Starzyk
b22a31f805
Add changelog for applying missing const attributes to the API.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-02-11 17:13:12 +01:00
Mateusz Starzyk
0fdcc8eee9
Remove Havege module.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-02-11 14:17:07 +01:00
Bence Szépkúti
a63b20d28b
Rename AEAD tag length macros
...
This brings them in line with PSA Crypto API 1.0.0
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH -> PSA_ALG_AEAD_WITH_SHORTENED_TAG
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Paul Elliott
da3e7db495
Fix memory leak in error case in psa_crypto
...
In psa_generate_derived_key_internal() an error case was returning
directly rather than jumping to the exit label, which meant that an
allocated buffer would not be free'd.
Found via coverity.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-09 19:03:47 +00:00
Ronald Cron
07907ae84e
Add change log entry
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:14 +01:00
Gilles Peskine
2fa6b5f503
ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
...
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.
Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.
After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.
To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Janos Follath
6a32ad83e3
Merge pull request #4094 from d-otte/development
...
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
2021-02-02 16:15:07 +00:00
Daniel Otte
da43d78017
adjusting Changelog entry for PR #4094
...
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:38:26 +01:00
Daniel Otte
21cbe4a494
adding entry file to ChangeLog.d for PR4094
...
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-01 18:47:22 +01:00
Gilles Peskine
c8a9177110
mbedtls_mpi_sub_abs: fix buffer overflow in error case
...
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).
Fix #4042
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Gilles Peskine
53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
...
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
...
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm
47278ee8f8
Add changelog entry
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 14:03:57 +01:00
Steven Cooreman
6226a12acc
Documentation update for MBEDTLS_ECP_NO_FALLBACK
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:58:31 +01:00
Cédric Meuter
ff3db6a5cf
Removed trailing whitespace
...
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2021-01-10 15:40:33 +01:00
Cédric Meuter
ad27fb03b5
Added changelog entry
...
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2021-01-10 13:33:14 +01:00
Steven Cooreman
97b4984657
Add a flag for disabling fallback in ecp.c
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine
ae3741e8a4
Fix an incorrect error code if RSA private operation glitched
...
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:
* If rsa_prepare_blinding() returned MBEDTLS_ERR_RSA_RNG_FAILED
(indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
a glitch attack).
Make sure not to add two high-level error codes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
...
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard
75fdd0640f
Merge pull request #3973 from stroebeljc/development
...
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
stroebeljc
03ee3834a0
Updated change description as suggested by @gilles-peskine-arm.
...
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-05 11:28:30 -06:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
...
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
stroebeljc
e67ba98581
Fixed verb tense in change log.
...
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:19:29 -06:00
stroebeljc
2b50d78972
Fixed incorrect change log formatting.
...
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:17:35 -06:00
stroebeljc
d4de1b5d4e
Updated per comments from @gilles-peskine-arm.
...
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:14:32 -06:00
ENT\stroej1
6a5f10cdc7
Added ChangeLog entry for related issue.
...
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:39:13 -06:00
Fredrik Strupe
462aa575a4
PSA Crypto: Don't skip key data removal when SE driver is not in use
...
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.
This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Bence Szépkúti
0bd9d226bc
Add Changelog entry
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-16 15:02:50 +01:00
Janos Follath
7ac5fd1861
Assemble ChangeLog
...
Executed scripts/assemble_changelog.py.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:46 +00:00