Commit graph

693 commits

Author SHA1 Message Date
Przemyslaw Stekiel
73142dfb98 Add change-log: fix-mbedtls_cipher_crypt-aes-ecb.txt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 13:14:20 +02:00
Ronald Cron
cd51e76583
Merge pull request #4338 from paul-elliott-arm/psa-m-aead
Implement multipart PSA AEAD
2021-09-29 22:48:33 +02:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
gabor-mezei-arm
6565ea0739
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 17:11:47 +02:00
Gilles Peskine
9a7d4c2734 New configuration option MBEDTLS_CHECK_RETURN_WARNING
MBEDTLS_CHECK_RETURN_TYPICAL defaults off, but is enabled if
MBEDTLS_CHECK_RETURN_WARNING is enabled at compile time.
(MBEDTLS_CHECK_RETURN_CRITICAL is always enabled.)

The default is off so that a plausible program that builds with one version
of Mbed TLS in the default configuration will still build under the next
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 19:15:56 +02:00
Gilles Peskine
ea59237370 Move changelog entry to the appropriate directory
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 19:15:56 +02:00
Gilles Peskine
aafb21f320
Merge pull request #4968 from davidhorstmann-arm/fix-aarch64-asm-constraints
Fix aarch64 assembly for bignum multiplication
2021-09-27 09:01:15 +02:00
David Horstmann
7500a0e1ea Combine changelog entries for muladdc assembly fix
Combine the changelog entries for the memory constraints fix on
aarch64 and amd64, since these are essentially fixing the same
issue.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-24 15:18:44 +01:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
joseph
6113af68c5 Fix test code to can be built on alpine
Signed-off-by: joseph <joseph@jc-lab.net>
2021-09-24 09:21:29 +09:00
David Horstmann
11c81df707 Fix aarch64 assembly for bignum multiplication
Add memory constraints to the aarch64 inline assembly in MULADDC_STOP.
This fixes an issue where Clang 12 and 13 were generating
non-functional code on aarch64 platforms. See #4962, #4943
for further details.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-22 18:31:35 +01:00
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked
Ccm chunked - enable multipart CCM in PSA
2021-09-21 13:46:52 +02:00
Gilles Peskine
5b1df10470 Update the list of issues fixed
This had actually been reported multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 17:07:21 +02:00
Gilles Peskine
d337fbc4cb x86_64 MULADDC assembly: add missing constraints about memory
MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.

Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 15:51:43 +02:00
Gilles Peskine
1716f32864 psa_cipher_update_ecb: remove parameter output_size
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.

Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 09:46:41 +02:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Mateusz Starzyk
3879c345ec Fix typo in the changelog for chunked CCM.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-23 10:56:06 +02:00
Gilles Peskine
7dd2f504b3 Allow configuring MBEDTLS_TLS_EXT_CID at compile time
The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-12 10:31:01 +02:00
Mateusz Starzyk
de7a83da0d Add changelog for chunked CCM implementation.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size
Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:18 +02:00
Dave Rodgman
677c6c4cac
Merge pull request #4801 from hanno-arm/ssl_session_exported_private
Explicitly mark fields as private via MBEDTLS_PRIVATE(...)
2021-07-30 14:39:07 +01:00
Manuel Pégourié-Gonnard
06672ef771
Merge pull request #4776 from gilles-peskine-arm/generate_psa_tests-robutness-202107
Fix bugs around generate_psa_tests.py invocation from tests/Makefile
2021-07-29 09:58:19 +02:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash
Replace reserved identifier clashes with suitable replacements
2021-07-22 16:20:56 +02:00
Hanno Becker
5d26efdea3 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:05 +01:00
Paul Elliott
64df5f88c5 Add Changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Archana
554e64e689
Add a changelog for Armmbed#4626
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-14 16:12:22 +05:30
Yuto Takano
ff58686e88 Add ChangeLog entry for reserved identifier replacments
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-14 10:25:57 +01:00
Gilles Peskine
8b427c851e Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:26:08 +02:00
Dave Rodgman
bb2eece7cf Create aggregated ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 23:09:51 +01:00
Dave Rodgman
b1d1c2af73 Fix filename on Changelog item
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 22:51:28 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
bd3bfbf5c2
Merge pull request #4737 from daverodgman/migration-guide 2021-06-30 21:31:53 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher
Implement one-shot cipher
2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:50:57 +01:00
Gilles Peskine
a481052407 Add migration guide and changelog entry for MBEDTLS_PRIVATE
We forgot those in #4511.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-30 11:06:40 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
gabor-mezei-arm
01e99083a5
Fix changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9ca3ad7329
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
52176f794a
Fix changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
6740c9de77
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
Dave Rodgman
4b60e0742b Improve Changelog wording
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:40:02 +01:00
Dave Rodgman
858894056d Improve changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 09:43:55 +01:00
Dave Rodgman
43fcb8d7c1 Address review feedback
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 08:57:19 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
1b2a8836c4 Correct documentation references to Mbed TLS
Use the correct formatting of the product name in the documentation.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:19 +01:00
Bence Szépkúti
60c863411c Remove references to MBEDTLS_USER_CONFIG_VERSION
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
36da4ccc51 Update changelog and migration guide
This reflect changes to the config version symbols.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
8d9132f43c Fix typo
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
90b79ab342 Add migration guide and changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
Add CMake package config file
2021-06-25 20:32:13 +01:00
Janos Follath
cdfd73aa7f Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 13:43:59 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
2021-06-23 15:22:03 +02:00
Janos Follath
aa5938edb3
Merge pull request #4703 from gilles-peskine-arm/mpi_montmul-null-3.0
Fix several bugs with the value 0 in bignum
2021-06-23 13:40:14 +01:00
Gilles Peskine
6687cd07f3 Refuse to destroy read-only keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
87bc91c13b Forbid creating a read-only key
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt
Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:38 +02:00
Paul Elliott
2007d70a5a Improve changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:59:14 +01:00
Manuel Pégourié-Gonnard
92f387777d Merge branch 'development' into development-restricted
* development: (66 commits)
  Document the return type change in the migration guide
  Fix return type of example key export callbacks
  Add change log
  psa: mac: Add driver dispatch tests for psa_mac_verify
  psa: mac: Add driver delegation support for psa_mac_verify()
  psa: mac: Introduce psa_mac_compute_internal
  psa: mac: Add driver dispatch tests for psa_mac_compute
  psa: mac: Improve MAC finalization code
  psa: mac: Add driver delegation support for psa_mac_compute()
  psa: mac: Add MAC compute builtin implementation
  psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()
  psa: mac: Split psa_mac_setup()
  psa: mac: Re-organize psa_mac_setup() internal function
  Move export callback and context to the end of SSL context
  Improve ChangeLog wording for key export
  Remove return value from key export callback
  Make key export callback and context connection-specific
  Remove all occurrences of TLS < 1.2 PRF identifier
  Remote key export identifier used for TLS < 1.2.
  Add missing documentation for key export callback parameters
  ...
2021-06-23 09:04:42 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3 PK signature function: require exact hash length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:41 +02:00
Gilles Peskine
34bfa15b21 Changelog entry for the mbedtls_mpi_read_xxx changes
mbedtls_mpi_read_binary{,_le} (in https://github.com/ARMmbed/mbedtls/pull/4276)
and mbedtls_mpi_read_string (in https://github.com/ARMmbed/mbedtls/pull/4644)
changed their behavior on an empty input from constructing an MPI object with
one limb to not allocating a limb. In principle, this change should be
transparent to applications, however it caused a bug in the library and it does
affect the value when writing back out, so list the change in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
27253bc885 mbedtls_mpi_gcd: fix the case B==0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
3008dde386 Changelog for the fix to mbedtls_mpi_exp_mod(A=0)
In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for
parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi
object with at least one limb.

In the development branch, after the commit
"New internal function mbedtls_mpi_resize_clear", this bug could be
triggered by a TLS server, by passing invalid custom Diffie-Hellman
parameters with G=0 transmitted as a 0-length byte string.

Since the behavior change in mbedtls_mpi_read_binary and
mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed
empty input) turned out to have consequences despite being in principle an
internal detail, mention it in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Manuel Pégourié-Gonnard
e7885e5441 RSA: Require hashlen to match md_alg when applicable
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-22 12:29:27 +02:00
Gilles Peskine
36ff66c4b4
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
Implement one-shot MAC
2021-06-22 12:18:25 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0
Update the default hash and curve selection for X.509 and TLS
2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
8aed60bdfb Merge branch 'development' into development-restricted
* development:
  Reword changelog - Test Resource Leak
  Fix improper spacing
  Update changelog formatting - Missing Free Context
  Update changlog formatting - Missing Free Context
  Update changelog formatting - Missing Free Context
  Changelog entry for Free Context in test_suite_aes fix
  Free context in at the end of aes_crypt_xts_size()
2021-06-22 10:36:06 +02:00
Dave Rodgman
8f2b66a39a
Merge pull request #4676 from JoeSubbiani/MissingContextFree-test_suite_aes.function
Add missing free context in at the end of aes_crypt_xts_size()
2021-06-22 09:24:08 +01:00
Manuel Pégourié-Gonnard
21efe44af3 Merge branch 'development' into development-restricted
* development: (236 commits)
  Changing the key length to 32 bytes in one of the PSA cipher setup tests
  Removal of RC4 certs and fixes to docs and tests
  Fix fd range for select on Windows
  Refactor file descriptor checks into a common function
  Removing global variable and moving variant function comment block
  Fix typo in doc'n of session resumption API
  Code review fixes
  Fix warning in some configurations
  Fix cmake build of fuzz_privkey
  Fix async support in ssl_server2
  Improve ChangeLog and migration guide entries
  Use a proper DRBG in programs
  Use the dedicated dummy_random in fuzzing programs
  Fix cmake build of programs
  Add ChangeLog and migration guide entries
  Simplify internal code
  Remove "internal RNG" code from ECP
  Remove config option MBEDTLS_ECP_NO_INTERNAL_RNG
  Add RNG params to private key parsing
  Add RNG parameter to check_pair functions
  ...
2021-06-22 10:20:48 +02:00
Manuel Pégourié-Gonnard
da1eab3c3f
Merge pull request #828 from mpg/rsa-lookup-restricted
Use constant-time look-up in modular exponentiation
2021-06-22 09:33:20 +02:00
Manuel Pégourié-Gonnard
ffafae4f51
Merge pull request #4687 from gilles-peskine-arm/winsock-fd-range-3.0
Fix net_sockets regression on Windows
2021-06-22 09:29:23 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Joe Subbiani
08b5ab2b81 Reword changelog - Test Resource Leak
- “Fix an issue where X happens” → ”Fix X“
  the extra words are just a distraction.
- “resource” → “a resource”
- “where resource is never freed” has a name: it's a resource leak
- “when running one particular test suite” → “in a test suite”

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-21 16:50:51 +01:00
Janos Follath
3dd3ff0096 Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-21 10:39:36 +01:00
Ronald Cron
4d91bcd413 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:58:10 +02:00
Gilles Peskine
a5dd7bded8 Fix fd range for select on Windows
Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
MBEDTLS_ERR_NET_POLL_FAILED on Windows: they were testing that the file
descriptor is in range for fd_set, but on Windows socket descriptors are not
limited to a small range. Fixes #4465.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-20 23:14:36 +02:00
Joe Subbiani
e6ef5febfb Update changelog formatting - Missing Free Context
Missing trailing full stop added to the end of the fixed issue number

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 18:54:08 +01:00
Hanno Becker
1e1c23d768 Improve ChangeLog wording for key export
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
5a234e8718 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Joe Subbiani
dc5660c4c0 Update changlog formatting - Missing Free Context
Trailing white space causing `check_files.py` to fail

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 17:40:54 +01:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
Joe Subbiani
487b4ae426 Update changelog formatting - Missing Free Context
The original formatting was in dos and the changelog
assembler would fail. The length of the description was
too long horizontally. This has been updated.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 15:37:21 +01:00
Joe Subbiani
26e8608fcb Changelog entry for Free Context in test_suite_aes fix
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 12:01:54 +01:00
Thomas Daubney
379227cc59 Modifies ChangeLog and Migration Guide
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 10:46:12 +01:00
Thomas Daubney
a42bf29b2c Modifies ChangeLog entry
Corrects wording in ChangeLog entry as
requested in review.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 09:13:53 +01:00
Gilles Peskine
b26696bafb Simplify mbedtls_debug_print_mpi and fix the case of empty bignums
Rewrite mbedtls_debug_print_mpi to be simpler and smaller. Leverage
mbedtls_mpi_bitlen() instead of manually looking for the leading
zeros.

Fix #4608: the old code made an invalid memory dereference when
X->n==0 (freshly initialized bignum with the value 0).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
b1940a76ad In TLS, order curves by resource usage, not size
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
5752e599b3 Reduce the default ECP window size
MBEDTLS_ECP_WINDOW_SIZE is a compromise between memory usage (growing based
on the value) and performance (faster with larger values). There are
disminishing returns as the value grows larger. Based on Manuel's benchmarks
recorded in https://github.com/ARMmbed/mbedtls/issues/4127, 4 is a good
compromise point, with larger values bringing little advantage. So reduce
the default from 6 to 4.

Document the default value as in optimized for performance mostly, but don't
document the specific value, so we may change it later or make it
platform-dependent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
3758fd6b79 Changelog entry and migration guide for hash and curve profile upgrades
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:14 +02:00
Gilles Peskine
e96c5854d0 Move the inclusion of crypto_spe.h to psa/crypto_platform.h
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:43:58 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
Manuel Pégourié-Gonnard
8707259318 Improve ChangeLog and migration guide entries
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
e6e51aab55 Add ChangeLog and migration guide entries
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
22ecf49e9a Adds ChangeLog entry
Commit adds ChangeLog entry for removal of
MBEDTLS_SSL_TRUNCATED_HMAC.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:26:59 +01:00
Mateusz Starzyk
c1ec0b8959 Add changelog entry for chunked associated data in GCM.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-16 14:34:09 +02:00
TRodziewicz
15a7b73708 Documentation rewording
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53 Addition of ChangeLog and migration guide entry files.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd
Rename the _ret() functions
2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1 Addition of the migration guide and change log files
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard
8cad2e22fc
Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0
Lighten and test constraints on context types in alternative implementations
2021-06-15 12:12:46 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 00:18:32 +02:00
Gilles Peskine
f35c42bdb9 Document the remaining constraints on ALT context types
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
cd07e22048 New function mbedtls_ecjpake_set_point_format
Use this instead of accessing the field directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
71acc6e8d9 New function mbedtls_dhm_get_value to copy a field of a DHM context
Reduce the need to break the DHM abstraction by accessing the context directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
487bbf6805 DHM: new functions to query the length of the modulus
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
a1b44dd808 Changelog entry for MBEDTLS_ECP_MAX_BITS automatic determination
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
TRodziewicz
3946f79cab Correction according to code review (function and param. names change
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 13:46:21 +02:00
TRodziewicz
8476f2f30a Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config option to a runtime option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 11:56:20 +02:00
TRodziewicz
1fcd72e93c change log and migr. guide fixes and _DEPRECATED_REMOVED removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 11:16:06 +02:00
Gilles Peskine
b1edaec18f Fix missing state check for tls12_prf output
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:41:46 +02:00
Ronald Cron
57864faf84
Merge pull request #4634 from Patater/mbed-can-do-timing
config: Allow Mbed to implement TIMING_C
2021-06-11 09:14:13 +02:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
2021-06-10 17:43:36 +02:00
Manuel Pégourié-Gonnard
8323244ca3 Add ChangeLog entry about RSA side channel.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-10 13:30:07 +02:00
Jaeden Amero
197496af69 config: Allow Mbed to implement TIMING_C
Mbed OS now provides POSIX-like time functions, although not alarm() nor
signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so
we should not artificially prevent this in check-config. Remove the the
check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS.

Note that this limitation originally was added in the following commit,
although there isn't much context around why the restriction was
imposed: 63e7ebaaa1 ("Add material for generating yotta module"). In
2015, Mbed OS was quite a different thing: no RTOS, no threads, just an
asynchronous event loop model. I'd suppose the asynchronous event loop
model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS,
but that is no longer the case.

Fixes #4633

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-06-09 13:47:27 +01:00
TRodziewicz
b8367380b1 Addition of the migration guide
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:31:42 +02:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:28:16 +02:00
TRodziewicz
1e66642d68 Addition of change log and migration guide files.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 11:25:28 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version
Document minimum tool versions for 3.0
2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option
Remove MBEDTLS_CHECK_PARAMS option
2021-06-08 09:30:48 +02:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev
Fix misuse of MD API in SSL constant-flow HMAC
2021-06-07 20:53:33 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 11:13:34 +02:00
Dave Rodgman
f21e4621f8 Changelog entry for updated tool versions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-07 09:18:50 +01:00
Chris Kay
d259e347e6 Add CMake package config file
This change enables automatic detection and consumption of Mbed TLS
library targets from within other CMake projects. By generating an
`MbedTLSConfig.cmake` file, consuming projects receive a more complete
view of these targets, allowing them to be used as dependencies which
properly inherit the transitive dependencies of the libraries.

This is fairly fragile, as it seems Mbed TLS's libraries do not appear
to properly model their dependencies on other targets, including
third-party dependencies. It is, however, sufficient for building and
linking the compiled Mbed TLS libraries when there are no third-party
dependencies involved. Further work is needed for more complex
use-cases, but this will likely meet the needs of most projects.

Resolves #298. Probably useful for #2857.

Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-06-04 16:02:48 +01:00
Gilles Peskine
5b0589e9ab Fix non-constant-time comparison in mbedtls_mpi_random
Calling mbedtls_mpi_cmp_int reveals the number of leading zero limbs
to an adversary who is capable of very fine-grained timing
measurements. This is very little information, but could be practical
with secp521r1 (1/512 chance of the leading limb being 0) if the
adversary can measure the precise timing of a large number of
signature operations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-04 14:47:24 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0
Fix non-uniform random generation in a range
2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
2021-06-04 10:02:59 +02:00
Gilles Peskine
9367f4b1d9 Add changelog entry for non-uniform MPI random generation
Fix #4245.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
fdc58c1e8b Changelog entry for adding mbedtls_mpi_random()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Manuel Pégourié-Gonnard
84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls
Static initialize comb table
2021-06-03 11:41:54 +02:00
kXuan
782c2b9f36
fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM
Signed-off-by: kXuan <kxuanobj@gmail.com>
2021-06-03 15:47:40 +08:00
Thomas Daubney
adb93d732f Adds ChangeLog entry
Commit adds required ChangeLog entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-02 13:45:57 +01:00
Manuel Pégourié-Gonnard
1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard
df77624ab5
Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard
1b3b27cbb0
Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites
Remove 3DES ciphersuites
2021-06-02 11:01:42 +02:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
Gilles Peskine
fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed
Clarify multi-part AEAD calling sequence in Cipher module
2021-06-01 12:04:19 +02:00
TRodziewicz
f059e74a22 Re-wording ChangeLog and reverting overzealous removal from config.h
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-01 11:17:07 +02:00