mbedtls

Author	SHA1	Message	Date
Gilles Peskine	d929dbbb25	Merge pull request #5368 from mfil/feature/additional_md_getters Add function to get message digest info from context	2022-03-02 16:44:26 +01:00
Gilles Peskine	5459a15863	Merge pull request #5365 from Tachi107/msvc-utf-8 build(msvc): always assume source files are in UTF-8	2022-03-02 16:42:33 +01:00
Andrzej Kurek	a0237f86d3	Add missing key destruction calls in ssl_write_client_key_exchange Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-25 04:36:40 -05:00
Andrea Pappacoda	9202909d07	build(msvc): always assume source files are in UTF-8 Fixes https://github.com/ARMmbed/mbedtls/issues/4205 Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>	2022-02-23 23:13:09 +01:00
Gilles Peskine	9cb08822a1	Minor clarification Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:02 +01:00
Gilles Peskine	80dae04f24	Make user_data fields private Add accessor functions. Add unit tests for the accessor functions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	c63a1e0e15	Fix mbedtls_ssl_get_version() for TLSv1.3 Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	e1a0c25f71	New function to access the TLS version from a context as an enum Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	915896f03c	Add accessor function from mbedtls_ssl_context to the configuration Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	69477b5706	Add a field for application data to TLS structures In structure types that are passed to user callbacks, add a field that the library won't ever care about. The application can use this field to either identify an instance of the structure with a handle, or store a pointer to extra data. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Manuel Pégourié-Gonnard	4fa604cc3b	Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 feat: Update test_suite_psa_its to NOT use UID=0	2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard	3d1f8b9c00	Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO	2022-02-16 17:33:47 +01:00
Manuel Pégourié-Gonnard	e14b644f4d	Merge pull request #5456 from mpg/cleanup-ecdh-psa Cleanup PSA-based ECDHE in TLS 1.2	2022-02-15 09:09:07 +01:00
Ronald Cron	fb84e98fb4	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-11 16:10:44 +01:00
Gilles Peskine	bebeae9428	Merge pull request #5504 from gstrauss/mbedtls_pem_get_der Add accessor to get der from mbedtls_pem_context	2022-02-10 23:56:57 +01:00
Glenn Strauss	a950938ff0	Add mbedtls_ssl_ticket_rotate for ticket rotation. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:15 -05:00
Glenn Strauss	72bd4e4d6a	Add accessor to get buf from mbedtls_pem_context Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-08 14:53:46 -05:00
pespacek	d62e906b1c	TEST: added psa_its_set expected failure test Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-08 15:19:26 +01:00
Manuel Pégourié-Gonnard	141be6cc7f	Fix missing check on server-chosen curve We had this check in the non-PSA case, but it was missing in the PSA case. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	1ab2d6966c	Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs Resolve problems with reduced configs using USE_PSA_CRYPTO	2022-02-02 10:20:26 +01:00
Paul Elliott	a9f32fbb21	Merge pull request #5382 from lhuang04/tls13_f_export_keys Swap the client and server random for TLS 1.3 f_export_keys	2022-01-28 12:09:19 +00:00
lhuang04	a3890a3427	Swap the client and server random for TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-01-27 06:00:43 -08:00
Andrzej Kurek	76c185b0a3	Add a changelog entry regarding bugfixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-24 10:09:38 -05:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Dave Rodgman	b032685543	Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc mbedtls_pk_parse_key: don't allocate if not needed	2022-01-24 10:03:48 +00:00
Gilles Peskine	fe271b9c92	Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly	2022-01-21 21:46:08 +01:00
Andrzej Kurek	ad40bb7f3f	Add a changelog entry for forced MBEDTLS_PK_WRITE_C Describe why and when it is enabled automatically. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-19 12:34:48 -05:00
Andrzej Kurek	f2d4e275a8	Add a changelog entry for the ChaCha20 default behavior change Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard	73839e02a7	Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat Reset dhm_P and dhm_G if config call repeated; avoid memory leak	2022-01-14 10:41:06 +01:00
Glenn Strauss	8f52690956	Add accessors for ciphersuite info Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-13 00:05:48 -05:00
Bence Szépkúti	08f34656cb	Return the same error in multipart and single shot AEAD psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or psa_aead_decrypt(). The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT in the case that the supplied algorithm is not an AEAD one. Also move these shared checks to a helper function, to reduce code duplication and ensure that the functions remain in sync. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-07 19:36:07 +01:00
Max Fillinger	8737ec2407	Add ChangeLog entry for md_info getter Signed-off-by: Max Fillinger <max@max-fillinger.net>	2021-12-28 16:53:40 +01:00
Glenn Strauss	cee11296aa	Reset dhm_P and dhm_G if config call repeated Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated to avoid leaking memory. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2021-12-20 20:24:56 -05:00
Archana	4a9e02632a	Review comments addressed * Updated the default argument to create less noise with argument passing. * Reworded ChangeLog to match MbedTLS documentation/ announcement requirements Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 13:37:37 +05:30
Archana	21b20c72d3	Add Changelog and update documentation Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Ronald Cron	831cf48abf	Assemble change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 09:02:38 +01:00
Ronald Cron	acf0df81f2	Add change log for #4842 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 09:02:02 +01:00
Ronald Cron	be252a0da9	Add change log for #4859 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 08:43:53 +01:00
Ronald Cron	7e1cb129e8	Add change log for #4514 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 08:41:32 +01:00
Ronald Cron	2a4344d1fa	Add change log for #4883 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-14 18:11:45 +01:00
Dave Rodgman	a53779dba4	Add missing changelog for ARIA (#4959 ) Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard	28e3bcf6e1	Fix misleading ChangeLog entry formatting. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard	4e511ede90	Double-free goes under security, not bugfix. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-12-14 18:11:45 +01:00
Ronald Cron	8188d19b0e	Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr	2021-12-14 10:58:18 +01:00
Gilles Peskine	32d2a58cc2	Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 Zeroize expected MAC/tag intermediate variables	2021-12-13 19:09:30 +01:00
Gilles Peskine	a5c18512b9	Merge pull request #5155 from paul-elliott-arm/pcks12_fix Fixes for pkcs12 with NULL and/or zero length password	2021-12-13 14:52:36 +01:00
Gilles Peskine	36d33f37b6	Generalize MAC zeroization changelog entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:43:11 +01:00
Dave Rodgman	050ad4bb50	Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac Check HMAC return values	2021-12-13 10:51:27 +00:00
Gilles Peskine	ecf6bebb9c	Catch failures of md_hmac operations Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that their return values should be checked. Do check the return values in our code. We were already doing that everywhere for hash calculations, but not for HMAC calculations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 15:00:57 +01:00
Gilles Peskine	d5ba50e239	Zeroize local MAC variables Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption, this is just good hygiene but probably not needed for security since the data protected by the MAC that could leak is about to be transmitted anyway. In DTLS decryption, this could be a security issue since an adversary could learn the MAC of data that they were trying to inject. At least with encrypt-then-MAC, the adversary could then easily inject a datagram with a corrected packet. TLS would still be safe since the receiver would close the connection after the bad MAC. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 14:59:45 +01:00

1 2 3 4 5 ...

697 commits