Hanno Becker
002a7b20ec
Adapt ChangeLog
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:40 +02:00
Przemek Stekiel
b51561b017
Add change log entry for mixed-psk
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-25 08:52:26 +02:00
Biswapriyo Nath
d7e0ee42b8
cmake: Fix runtime library install location in mingw
...
This install DLLs in bin directory instead of lib.
Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5
cmake: Use GnuInstallDirs to customize install directories
...
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.
Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:28 +05:30
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
...
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
...
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
...
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Glenn Strauss
d09b343ffc
Deprecate mbedtls_ssl_conf_(min/max)_version()
...
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()
Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
dff84620a0
Unify internal/external TLS protocol version enums
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Gilles Peskine
5dc8a0ac5a
Wording improvement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:46:06 +02:00
Gilles Peskine
70b8a69b20
Add changelog entry for #3998 fix
...
The fix was in https://github.com/ARMmbed/mbedtls/pull/4989 .
We forgot to add a changelog entry.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 16:14:01 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant
...
Make mbedtls_ssl_send_alert_message() reentrant
2022-04-12 11:05:20 +02:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805
...
Fix Shared Library compilation issue with Cmake
2022-04-11 09:31:59 +02:00
Krzysztof Stachowiak
8790fa2088
Add ChangeLog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 15:17:47 +01:00
Dave Rodgman
f945e0a475
Update ChangeLog.d/alert_reentrant.txt
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:59:30 +01:00
Hanno Becker
8813c03cb0
Add ChangeLog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:55 +01:00
Gilles Peskine
f4c6eb0a49
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
...
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26
Introduce mbedtls_ssl_hs_cb_t typedef
...
Inline func for mbedtls_ssl_conf_cert_cb()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
...
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
...
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Paul Elliott
0113cf1022
Add accessor for own cid to ssl context
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
...
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
...
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Przemek Stekiel
2076cbe511
Add function name to changelog
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:22:11 +02:00
Tom Cosgrove
87fbfb5d82
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.
The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Paul Elliott
93ba3e3918
Add mbedtls_ssl_is_handshake_over() function
...
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-22 22:47:49 +00:00
Jerry Yu
8beb9e173d
Change prototype of pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Paul Elliott
a5bebc297b
Add changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:27:25 +00:00
Przemek Stekiel
815af94905
Add ChangeLog file
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 15:10:31 +01:00
Ron Eldor
183264cb95
Fix shared library link error with cmake on Windows
...
Set the library path as the current binary dir
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-17 12:07:50 +00:00
Gilles Peskine
08622b6dc7
Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
...
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.
Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.
This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
...
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Przemek Stekiel
b38f797a24
Add change log entry for psa ECC key derivation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-11 14:12:34 +01:00
Jerry Yu
7599f3109a
Update changelog entry
...
Remove internal details. Add the condition of the bug.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-11 16:30:20 +08:00
Gilles Peskine
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing
...
feat: MD: X.509 hashing
2022-03-10 20:16:43 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Dave Rodgman
73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation
...
Fix test md api violation
2022-03-10 09:21:47 +00:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Jerry Yu
6dd2e34848
Add changelog entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-08 14:56:31 +08:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free
...
Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:04 +01:00
Tom Cosgrove
70245bee01
Add ChangeLog entry for fix to mbedtls_md_process() test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:49 +00:00
Andrzej Kurek
3475b26375
Add a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
...
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8
...
build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:33 +01:00
Glenn Strauss
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0
Add server certificate selection callback
...
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93
Add changelog entry for zeroizing key buffers before freeing
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 16:53:11 +01:00
Andrzej Kurek
a0237f86d3
Add missing key destruction calls in ssl_write_client_key_exchange
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:36:40 -05:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8
...
Fixes https://github.com/ARMmbed/mbedtls/issues/4205
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-02-23 23:13:09 +01:00
Gilles Peskine
9cb08822a1
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15
Fix mbedtls_ssl_get_version() for TLSv1.3
...
Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71
New function to access the TLS version from a context as an enum
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
915896f03c
Add accessor function from mbedtls_ssl_context to the configuration
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
69477b5706
Add a field for application data to TLS structures
...
In structure types that are passed to user callbacks, add a field that the
library won't ever care about. The application can use this field to either
identify an instance of the structure with a handle, or store a pointer to
extra data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Tom Cosgrove
f3ebd90a1c
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.
The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
...
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
...
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa
...
Cleanup PSA-based ECDHE in TLS 1.2
2022-02-15 09:09:07 +01:00
lhuang04
86cacac91a
Port ALPN support for tls13 client from tls13-prototype
...
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124 ).
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
Ronald Cron
fb84e98fb4
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
...
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Glenn Strauss
a950938ff0
Add mbedtls_ssl_ticket_rotate for ticket rotation.
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:15 -05:00
Glenn Strauss
72bd4e4d6a
Add accessor to get buf from mbedtls_pem_context
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
pespacek
d62e906b1c
TEST: added psa_its_set expected failure test
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
7599a7744e
X.509: use PSA for hashing under USE_PSA_CRYPTO
...
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 11:27:42 +01:00
Manuel Pégourié-Gonnard
141be6cc7f
Fix missing check on server-chosen curve
...
We had this check in the non-PSA case, but it was missing in the PSA
case.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
...
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys
...
Swap the client and server random for TLS 1.3 f_export_keys
2022-01-28 12:09:19 +00:00
lhuang04
a3890a3427
Swap the client and server random for TLS 1.3
...
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-01-27 06:00:43 -08:00
Andrzej Kurek
76c185b0a3
Add a changelog entry regarding bugfixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:09:38 -05:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc
...
mbedtls_pk_parse_key: don't allocate if not needed
2022-01-24 10:03:48 +00:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes
...
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-01-21 21:46:08 +01:00
Andrzej Kurek
ad40bb7f3f
Add a changelog entry for forced MBEDTLS_PK_WRITE_C
...
Describe why and when it is enabled automatically.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:48 -05:00
Andrzej Kurek
f2d4e275a8
Add a changelog entry for the ChaCha20 default behavior change
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat
...
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
2022-01-14 10:41:06 +01:00
Glenn Strauss
8f52690956
Add accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-13 00:05:48 -05:00
Bence Szépkúti
08f34656cb
Return the same error in multipart and single shot AEAD
...
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().
The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.
Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Max Fillinger
8737ec2407
Add ChangeLog entry for md_info getter
...
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-12-28 16:53:40 +01:00
Glenn Strauss
cee11296aa
Reset dhm_P and dhm_G if config call repeated
...
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2021-12-20 20:24:56 -05:00
Archana
4a9e02632a
Review comments addressed
...
* Updated the default argument to create less noise with argument
passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
requirements
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 13:37:37 +05:30
Archana
21b20c72d3
Add Changelog and update documentation
...
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Ronald Cron
831cf48abf
Assemble change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:38 +01:00
Ronald Cron
acf0df81f2
Add change log for #4842
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:02 +01:00
Ronald Cron
be252a0da9
Add change log for #4859
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 08:43:53 +01:00
Ronald Cron
7e1cb129e8
Add change log for #4514
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 08:41:32 +01:00
Ronald Cron
2a4344d1fa
Add change log for #4883
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-14 18:11:45 +01:00
Dave Rodgman
a53779dba4
Add missing changelog for ARIA ( #4959 )
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
28e3bcf6e1
Fix misleading ChangeLog entry formatting.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
4e511ede90
Double-free goes under security, not bugfix.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 18:11:45 +01:00
Ronald Cron
8188d19b0e
Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr
2021-12-14 10:58:18 +01:00
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1
...
Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:30 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
...
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Gilles Peskine
36d33f37b6
Generalize MAC zeroization changelog entry
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:43:11 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
...
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c
Catch failures of md_hmac operations
...
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.
Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239
Zeroize local MAC variables
...
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:59:45 +01:00
Gilles Peskine
c11192fcb2
Merge pull request #5290 from minosgalanakis/development
...
Document platform architecture portability constraints
2021-12-10 21:13:11 +01:00
Gilles Peskine
0ca219575a
mbedtls_pk_parse_key: don't allocate if not needed
...
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 17:36:37 +01:00
Minos Galanakis
c10086e33e
changelog: Addressed review comments #6
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2021-12-10 15:52:54 +00:00
Ronald Cron
6aeda5305c
Add change log for TLS 1.3 MVP
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:48:12 +01:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
...
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Manuel Pégourié-Gonnard
49c20954e4
Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog
...
Add changelog entry for session copy bugfix
2021-12-09 09:21:28 +01:00
David Horstmann
e217edf49c
Add changelog entry for session copy bugfix
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:32:59 +00:00
Manuel Pégourié-Gonnard
5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce
...
psa: aead: Fix invalid output buffer usage in generate_nonce()
2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv
...
Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:06 +01:00
Ronald Cron
0118627013
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:28:36 +01:00
Ronald Cron
6fd156aa6b
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:21:38 +01:00
Gilles Peskine
aa1e9857a5
Add changelog entry for build error fixes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-06 20:58:47 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters
...
Additional cipher_info getters
2021-12-03 17:21:51 +01:00
Paul Elliott
117282f25e
Delete unneccesary changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-01 17:18:12 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl
...
Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:43 +01:00
Paul Elliott
62dc392ef8
Stop CMake out of source tests running on 16.04
...
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:03:50 +00:00
Paul Elliott
472fd176a6
Fix Changelog
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:45:43 +00:00
Paul Elliott
21c8fe5c6e
Fix compilation errors.
...
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950
...
Fix GCM calculation with very long IV
2021-11-22 22:22:37 +01:00
Paul Elliott
0b7d5a88d9
Make changelog more specific
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-18 22:39:16 +00:00
Bence Szépkúti
6d48e20d4b
Indicate nonce sizes invalid for ChaCha20-Poly1305
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:11 +01:00
Paul Elliott
853c0da8de
Fix for pkcs12 with NULL or zero length password
...
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-11 19:26:37 +00:00
Max Fillinger
7568d1a238
Add Changelog entry for additional getters
...
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 15:12:04 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
...
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
Gilles Peskine
c756b5f9fa
Merge pull request #5126 from haampie/fix/DT_NEEDED_for_shared_libraries
...
DT_NEEDED for shared builds in makefile
2021-11-05 12:04:29 +01:00
Harmen Stoppels
3e636161ec
Add changelog
...
Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-05 09:32:05 +01:00
Gabor Mezei
77390dc8ec
Update changelog with the new public API
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-03 17:12:56 +01:00
Gilles Peskine
c323d4585f
Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:51:20 +01:00
Mateusz Starzyk
5bc9bf7584
Add changelog entry for new PSA Crypto API macros.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
...
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0
...
Remove on-target testing
2021-10-29 09:33:34 +02:00
Gilles Peskine
d025422c28
Remove on-target testing
...
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 11:45:57 +02:00
Mateusz Starzyk
812ef6b379
Fix ccm*-no-tag changelog entry
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 11:26:47 +02:00
Gilles Peskine
66c9b84f93
Fix typo in documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:20 +02:00
Gilles Peskine
680747b868
Fix the build of sample programs without mbedtls_strerror
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
66884e6dae
Base64 range-based constant-flow code: changelog entry
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
...
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
Mateusz Starzyk
61a8b2daf2
Add changelog entry for CCM*-no-tag.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-22 13:52:42 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
...
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
...
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
...
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Przemyslaw Stekiel
316c4fa3ce
Address review comments
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
...
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
ed61c5e8b0
Add change-log file (issue #5065 )
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-14 09:14:09 +02:00
openluopworld
151ccb2977
update changelog for #4884
...
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-13 00:23:30 +08:00
openluopworld
506752299b
add changelog file for #4950
...
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-12 18:38:50 +08:00