yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19513 commits 1 branch 0 tags 94 MiB
Commit graph

741 commits

Author SHA1 Message Date
TRodziewicz
15a7b73708 Documentation rewording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53 Addition of ChangeLog and migration guide entry files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd 
Rename the _ret() functions
 2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1 Addition of the migration guide and change log files 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard
8cad2e22fc
Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0 
Lighten and test constraints on context types in alternative implementations
 2021-06-15 12:12:46 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-15 00:18:32 +02:00
Gilles Peskine
f35c42bdb9 Document the remaining constraints on ALT context types 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:14:28 +02:00
Gilles Peskine
cd07e22048 New function mbedtls_ecjpake_set_point_format 
Use this instead of accessing the field directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:12:37 +02:00
Gilles Peskine
71acc6e8d9 New function mbedtls_dhm_get_value to copy a field of a DHM context 
Reduce the need to break the DHM abstraction by accessing the context directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:12:37 +02:00
Gilles Peskine
487bbf6805 DHM: new functions to query the length of the modulus 
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:12:37 +02:00
Gilles Peskine
a1b44dd808 Changelog entry for MBEDTLS_ECP_MAX_BITS automatic determination 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-15 00:10:37 +02:00
TRodziewicz
3946f79cab Correction according to code review (function and param. names change 
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 13:46:21 +02:00
TRodziewicz
8476f2f30a Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config option to a runtime option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:56:20 +02:00
TRodziewicz
1fcd72e93c change log and migr. guide fixes and _DEPRECATED_REMOVED removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-14 11:16:06 +02:00
Gilles Peskine
b1edaec18f Fix missing state check for tls12_prf output 
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-11 22:41:46 +02:00
Ronald Cron
57864faf84
Merge pull request #4634 from Patater/mbed-can-do-timing 
config: Allow Mbed to implement TIMING_C
 2021-06-11 09:14:13 +02:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options 
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
 2021-06-10 17:43:36 +02:00
Manuel Pégourié-Gonnard
8323244ca3 Add ChangeLog entry about RSA side channel. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-10 13:30:07 +02:00
Jaeden Amero
197496af69 config: Allow Mbed to implement TIMING_C 
Mbed OS now provides POSIX-like time functions, although not alarm() nor
signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so
we should not artificially prevent this in check-config. Remove the the
check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS.

Note that this limitation originally was added in the following commit,
although there isn't much context around why the restriction was
imposed: 63e7ebaaa1 ("Add material for generating yotta module"). In
2015, Mbed OS was quite a different thing: no RTOS, no threads, just an
asynchronous event loop model. I'd suppose the asynchronous event loop
model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS,
but that is no longer the case.

Fixes #4633

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
 2021-06-09 13:47:27 +01:00
TRodziewicz
b8367380b1 Addition of the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:31:42 +02:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 13:28:16 +02:00
TRodziewicz
1e66642d68 Addition of change log and migration guide files. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-09 11:25:28 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version 
Document minimum tool versions for 3.0
 2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option 
Remove MBEDTLS_CHECK_PARAMS option
 2021-06-08 09:30:48 +02:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev 
Fix misuse of MD API in SSL constant-flow HMAC
 2021-06-07 20:53:33 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Dave Rodgman
f21e4621f8 Changelog entry for updated tool versions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Chris Kay
d259e347e6 Add CMake package config file 
This change enables automatic detection and consumption of Mbed TLS
library targets from within other CMake projects. By generating an
`MbedTLSConfig.cmake` file, consuming projects receive a more complete
view of these targets, allowing them to be used as dependencies which
properly inherit the transitive dependencies of the libraries.

This is fairly fragile, as it seems Mbed TLS's libraries do not appear
to properly model their dependencies on other targets, including
third-party dependencies. It is, however, sufficient for building and
linking the compiled Mbed TLS libraries when there are no third-party
dependencies involved. Further work is needed for more complex
use-cases, but this will likely meet the needs of most projects.

Resolves #298. Probably useful for #2857.

Signed-off-by: Chris Kay <chris.kay@arm.com>
 2021-06-04 16:02:48 +01:00
Gilles Peskine
5b0589e9ab Fix non-constant-time comparison in mbedtls_mpi_random 
Calling mbedtls_mpi_cmp_int reveals the number of leading zero limbs
to an adversary who is capable of very fine-grained timing
measurements. This is very little information, but could be practical
with secp521r1 (1/512 chance of the leading limb being 0) if the
adversary can measure the precise timing of a large number of
signature operations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-04 14:47:24 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0 
Fix non-uniform random generation in a range
 2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option 
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
 2021-06-04 10:02:59 +02:00
Gilles Peskine
9367f4b1d9 Add changelog entry for non-uniform MPI random generation 
Fix #4245.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
fdc58c1e8b Changelog entry for adding mbedtls_mpi_random() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Manuel Pégourié-Gonnard
84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls 
Static initialize comb table
 2021-06-03 11:41:54 +02:00
kXuan
782c2b9f36
fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-03 15:47:40 +08:00
Thomas Daubney
adb93d732f Adds ChangeLog entry 
Commit adds required ChangeLog entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-02 13:45:57 +01:00
Manuel Pégourié-Gonnard
1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs 
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
 2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard
df77624ab5
Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options 
Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options
 2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard
1b3b27cbb0
Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites 
Remove 3DES ciphersuites
 2021-06-02 11:01:42 +02:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead 
Conflicts:
* None
 2021-06-01 17:13:19 +01:00
Gilles Peskine
fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed 
Clarify multi-part AEAD calling sequence in Cipher module
 2021-06-01 12:04:19 +02:00
TRodziewicz
f059e74a22 Re-wording ChangeLog and reverting overzealous removal from config.h 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-01 11:17:07 +02:00
Manuel Pégourié-Gonnard
c01b87b820 Fix some typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-01 09:40:53 +02:00
kXuan
22fc906d57
Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 
Signed-off-by: kXuan <kxuanobj@gmail.com>
 2021-06-01 14:01:59 +08:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard
ee57ebe553 Add ChangeLog and migration guide entries 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-31 12:25:01 +02:00
TRodziewicz
3670e387dc Remove 3DES ciphersuites 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-31 12:11:53 +02:00
Manuel Pégourié-Gonnard
daae68d9b2
Merge pull request #4565 from mpg/fixup-changelog-4495-4286 
Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry
 2021-05-31 11:37:04 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config 
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
 2021-05-31 10:03:56 +02:00
TRodziewicz
dee975af7d Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option 
Remove define

Add ChangeLog file and migration guide entry

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-28 15:27:01 +02:00
Hanno Becker
934ab00f77 Minor improvement of ChangeLog wording 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-28 09:52:54 +01:00
Hanno Becker
196739b478 Change wording in documentation of PSK configuration 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-28 05:33:14 +01:00
TRodziewicz
062f353804 Changes after code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:34:14 +02:00
TRodziewicz
caf2ae04b8 ChangeLog and migration guide added. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:33:51 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions 
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
 2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix 
psa: Support RSA signature without MBEDTLS_GENPRIME
 2021-05-27 14:19:24 +02:00
TRodziewicz
5c251c6a5e Add the ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:36:40 +02:00
TRodziewicz
5e3c398de2 A small change in ChangeLog just to restart Travis build 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:19:14 +02:00
TRodziewicz
e8dd7097c3 Combine MBEDTLS_SSL_<CID-TLS1_3>_PADDING_GRANULARITY options 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:19:08 +02:00
Manuel Pégourié-Gonnard
c87a07de90 Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry 
- Removing MBEDTLS_SSL_RECORD_CHECKING has nothing to do with TLS 1.0,
TLS 1.1 and DTLS 1.0. It has been included here as a consequence of an
unfortunate typo in the description of 4286. Actually, this macro was
removed independently and we already have a ChangeLog entry about it:
ChangeLog.d/issue4361.txt

- While at it, remove the word "deprecated": these macros and functions
had not been documented as deprecated in any version of the library
before being removed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-26 10:38:59 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0 
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
 2021-05-25 20:32:40 +02:00
Thomas Daubney
731b952b69 Additional corrections to ChangeLog 
Commit makes further corrections to the
wording in the ChangeLog entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-25 16:26:24 +01:00
Thomas Daubney
6f966112c7 Corrections to ChangeLog and Migration guide 
Corrections to address wording of ChangeLog
and Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-25 15:00:19 +01:00
Gilles Peskine
0e1f05d34b Changelog entry for the ARIA_ALT and CAMELLIA_ALT fixes 
Fix ARMmbed/mbed-os#14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 15:33:14 +02:00
TRodziewicz
9d1ce40898 Additional corrections 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 14:07:17 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz
d807060e0a Addition of migration guide and corrections to the ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:50:51 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:12 +02:00
Thomas Daubney
2fbbe1d2fe Corrections to ChangeLog and Migration guide 
This commit fixes typos and re-words
the migration guide. It also adds
the issue number to the ChangeLog.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-24 10:53:57 +01:00
Hanno Becker
fb1add76fd Don't use markdown formatting in ChangeLog 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Hanno Becker
24628b69be Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Paul Elliott
c40bc1e406 Fix Changelog typo 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:58:12 +01:00
Paul Elliott
741beb1147 Improve Changelog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:48:30 +01:00
Thomas Daubney
62b0d1dbc8 Adds ChangeLog and Migration guide entry 
Commit adds relevant entry to the
ChangeLog and to the
Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-21 17:05:12 +01:00
Ronald Cron
f823722af4
Merge pull request #4532 from gilles-peskine-arm/host_test-int32-3.0 
Fix build error in host_test.function when int32_t is not int
 2021-05-21 16:02:28 +02:00
Janos Follath
7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 
Add session ID as an explicit parameter to SSL session cache API
 2021-05-21 09:28:55 +01:00
Manuel Pégourié-Gonnard
59c4412767
Merge pull request #4497 from netfoundry/fix-mingw-build-development 
Use proper formatting macros when using MinGW provided stdio
 2021-05-21 10:03:26 +02:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive 
Modify config option for SHA384.
 2021-05-21 08:04:33 +02:00
Jaeden Amero
424fa93efd psa: Support RSA signature without MBEDTLS_GENPRIME 
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
 2021-05-20 17:08:59 +01:00
Gilles Peskine
e913174c8a
Merge pull request #4543 from gilles-peskine-arm/undefined-reference-3.0 
Fix missing compilation guard around psa_crypto_driver_wrappers.c
 2021-05-20 17:20:31 +02:00
Ronald Cron
49fef37ebf
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length 
GCM: allow arbitrary lengths for update
Only the ABI-API-checking job failed and this is expected thus good to go.
 2021-05-20 15:08:55 +02:00
Mateusz Starzyk
17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive 
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
 2021-05-20 14:18:12 +02:00
Gilles Peskine
eb30b0cc39 Merge remote-tracking branch 'upstream-public/development' into no-generated-files-3.0 
Conflicts: generated files that are removed in this branch and have
changed in development. Resolved by keeping the files removed.
 2021-05-20 10:40:48 +02:00
Gilles Peskine
383339c1f1 Changelog entry for the requirement to generate source files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-20 10:37:22 +02:00
Manuel Pégourié-Gonnard
729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy 
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
 2021-05-20 09:19:55 +02:00
Gilles Peskine
1905a24488 Fix missing compilation guard around psa_crypto_driver_wrappers.c 
Fix #4411.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-19 21:06:01 +02:00
Manuel Pégourié-Gonnard
2213871654
Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING 
Remove  ssl record checking
 2021-05-19 13:57:51 +02:00
Ronald Cron
0e3ec27598
Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512 
Change sha256 and sha512 output type from an array to a pointer
 2021-05-19 12:37:17 +02:00
Mateusz Starzyk
d9a4c73c99 Add changelog entries for MBEDTLS_SHA224_C and MBEDTLS_SHA384_C. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-19 12:36:24 +02:00
Gilles Peskine
f09a66dd78
Merge pull request #4526 from gilles-peskine-arm/pr_4510-changelog 
Add changelog entry for #4510
 2021-05-19 11:58:03 +02:00
Mateusz Starzyk
86ead6aba3 Add changelog entries for SHA1 and SHA384 ciphersuites bugfixes. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-19 11:56:06 +02:00
Manuel Pégourié-Gonnard
5ca21db813 Fix misuse of MD API in SSL constant-flow HMAC 
The sequence of calls starts-update-starts-update-finish is not a
guaranteed valid way to abort an operation and start a new one. Our
software implementation just happens to support it, but alt
implementations may very well not support it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-19 10:33:40 +02:00
Gilles Peskine
a7a4306adf Fix build error when int32_t is not int 
Fix a pointer mismatch when int32_t is not int, for example on Cortex-M where
in32_t is long int. Fix #4530

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-18 16:43:43 +02:00
Gilles Peskine
e7e958b1f1
Merge pull request #4393 from gilles-peskine-arm/generate-tests-python3-make-2.x 
Use Python 3 instead of Python 2 to generate test files
 2021-05-18 13:30:36 +02:00
Hanno Becker
ea620864ac Fix formatting of changelog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-18 08:36:36 +01:00
Hanno Becker
217715d32b Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-18 05:28:53 +01:00
Gilles Peskine
3eac612650 Add changelog entry for #4510 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-17 22:18:35 +02:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len 
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
 2021-05-17 16:36:04 +02:00
Manuel Pégourié-Gonnard
5605911fd3
Merge pull request #4447 from hanno-arm/ssl_config_cleanup 
Avoid and remove some SSL error codes for Mbed TLS 3.0
 2021-05-17 10:55:17 +02:00
Hanno Becker
9067148918 Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 20:13:57 +01:00
Paul Elliott
7bc45ebf13 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Hanno Becker
59b97bbe06 Fixup glitch in ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:12:15 +01:00
Hanno Becker
a808ec3f0d Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:10:15 +01:00
TRodziewicz
95f8f22c27 Migration guide added and ChangeLog clarified 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-14 14:07:51 +02:00
Gilles Peskine
d7b3d92476 Change sha256 output type from an array to a pointer 
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-13 00:46:29 +02:00
Gilles Peskine
e02e02f203 Change sha512 output type from an array to a pointer 
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-13 00:32:45 +02:00
eugene
b46d1a74f9 fix changelog entry 
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
 2021-05-12 14:36:24 -04:00
eugene
e42a50da04 use proper formatting macros when using MinGW provided stdio 
add changelog entry

Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
 2021-05-12 12:59:30 -04:00
Ronald Cron
7dbcc3c794
Merge pull request #4470 from d3zd3z/fix-posix-define 
Check if feature macro is defined before define it
 2021-05-12 15:47:12 +02:00
TRodziewicz
102c89ed65 Remove the MBEDTLS_SSL_RECORD_CHECKING option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-12 13:28:59 +02:00
David Brown
803d3e4c70 Add changelog for posix definition 
Signed-off-by: David Brown <david.brown@linaro.org>
 2021-05-11 12:44:40 -06:00
Mateusz Starzyk
72f60dfcc1 Remove MBEDTLS_TEST_NULL_ENTROPY config option. 
Building the library without entropy sources negates any and all security
provided by the library.
This option was originally requested a relatively long time ago and it
does not provide any tangible benefit for users any more.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-11 13:15:19 +02:00
David Horstmann
95d516f319 Remove MBEDTLS_SSL_MAX_CONTENT_LEN option 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-05-10 17:02:48 +01:00
Gilles Peskine
015109b066 Changelog entry for the removal of config-psa-crypto.h in 3.0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-10 10:36:37 +02:00
Manuel Pégourié-Gonnard
b548cda1cf
Merge pull request #4397 from TRodziewicz/change_config_h_defaults 
Four config.h defaults have been changed.
 2021-05-07 12:42:39 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder 
Remove deprecated functions and constants.
 2021-05-07 10:05:30 +02:00
Gilles Peskine
e0de27729e Changelog entry for no longer explicitly invoking python2 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-06 11:35:18 +02:00
TRodziewicz
c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-06 00:53:22 +02:00
Gilles Peskine
275b9b2ef4
Merge pull request #4402 from mpg/migration-guide-3.0 
Migration guide for 3.0
 2021-05-05 14:30:39 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites 
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
 2021-05-04 17:20:36 +02:00
Ronald Cron
d5d04962ef Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-05-04 15:59:10 +02:00
Manuel Pégourié-Gonnard
759f551010 Add a missing ChangeLog entry 
Was missed in https://github.com/ARMmbed/mbedtls/pull/4324

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-04 11:35:08 +02:00
Gilles Peskine
59d97a16d6
Merge pull request #4437 from gilles-peskine-arm/aes2crypt-removal-2.x 
Remove the sample program aescrypt2
 2021-04-30 11:15:22 +02:00
TRodziewicz
85dfc4de20 Applying current changes 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-29 23:12:19 +02:00
Ronald Cron
1a85d3b122
Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt 
Allow CMAC self-test to skip tests for unsupported primitives (2)
 2021-04-29 16:04:39 +02:00
Gilles Peskine
85f023b007
Merge pull request #3950 from gilles-peskine-arm/dhm_min_bitlen-bits 
Enforce dhm_min_bitlen exactly
 2021-04-29 14:55:30 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased 
Reduce ROM usage due to X.509 info
 2021-04-28 17:31:55 +01:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development 
Add macro to check error code additions/combinations
 2021-04-28 16:47:29 +02:00
Tomasz Rodziewicz
e66f49c3ce
Merge branch 'development_3.0' into change_config_h_defaults 2021-04-28 16:37:27 +02:00
Gilles Peskine
98b3cd6b23 Remove the sample program aescrypt2 
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.

Fix #1906

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-28 15:57:30 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size 
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
 2021-04-28 13:30:40 +02:00
Bence Szépkúti
da95ef9ae0 Remove PSA AEAD output size compatibility macros 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-04-28 10:01:20 +02:00
Ronald Cron
3e7481e6a2
Merge pull request #4219 from stevew817/fix_missing_parenthesis 
Add missing parenthesis when MBEDTLS_ECP_NORMALIZE_MXZ_ALT is declared

@mpg comment has been addressed thus this can be merged.
 2021-04-28 08:35:00 +02:00
Hanno Becker
54dcf5e6c9 Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-27 17:20:56 +01:00
Dave Rodgman
0c37b4f826 Improve changelog entry for #4217 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-27 17:01:24 +01:00
Bence Szépkúti
58d8518eb1 Update changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-04-27 04:41:43 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs 
Merge development_3.0 into development
 2021-04-26 19:48:16 +01:00
TRodziewicz
87bfa20f1c Removing trailing space from ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-26 20:08:53 +02:00
Dave Rodgman
10ba553c2e Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-26 16:23:22 +01:00
Dave Rodgman
ddb8ea6847 Fix Changelog entry 
Rename a Changelog.d file, so that it gets picked up as expected by
scripts/assemble_changelog.py.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-26 16:23:21 +01:00
Dave Rodgman
a00e8502c9 Documentation updates for Mbed TLS 3.0 
Update documentation to reflect the branch changes.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-26 16:23:21 +01:00
TRodziewicz
ede3085563 Add ChangeLog file and fix comment in config.h 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-26 15:44:25 +02:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys 
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS

Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
 2021-04-23 09:40:31 +02:00
Steven Cooreman
894b9c4635 Add documentation for change in CMAC self-test behaviour 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-04-23 08:19:43 +02:00
Tomasz Rodziewicz
9a97a13d3e
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-22 12:53:15 +02:00
Manuel Pégourié-Gonnard
f6b677ea98
Merge pull request #4349 from mpg/apply-4334-3.0 
Apply 4334 to development-3.0
 2021-04-22 12:42:40 +02:00
Tomasz Rodziewicz
7bdbc45275
Update issue4283.txt 
Corrections in the ChangeLog file after a review.
 2021-04-21 16:50:15 +02:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-21 11:05:00 +02:00
Manuel Pégourié-Gonnard
1cc91e7475
Merge pull request #4366 from gilles-peskine-arm/development_3.0-merge_2.x-20210419 
Merge development 2.x into 3.0 (Apr 19)
 2021-04-19 13:08:48 +02:00
Manuel Pégourié-Gonnard
16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h 
Remove deprecated things from crypto_compat.h and dependent tests.
 2021-04-19 10:55:21 +02:00
Gilles Peskine
ee259130e4 Merge branch 'development' into development_3.0 
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
 2021-04-19 10:51:59 +02:00
Manuel Pégourié-Gonnard
0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix 
Fix ECDSA failing when the hash is all-bits-zero
 2021-04-19 09:54:12 +02:00
Mateusz Starzyk
bf4c4f9cd5 Reword changelog entry for removal of SHA-1 
from the default TLS configuration.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-16 18:39:10 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-16 18:39:10 +02:00
Mateusz Starzyk
a17fb8eac8 Fix line lenghts in changelog entry for removal of old TLS features. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-16 10:32:17 +02:00
Gilles Peskine
295fc13ef3 Split mbedtls_gcm_update_ad out of mbedtls_gcm_starts 
The GCM interface now has separate functions to start the operation
and to pass the associated data.

This is in preparation for allowing the associated data to be passed
in chunks with repeatated calls to mbedtls_gcm_update_ad().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 21:34:33 +02:00
Gilles Peskine
a56c448636 Add output length parameters to mbedtls_gcm_update 
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output length parameter to
mbedtls_gcm_update() to allow such implementations to delay the output
of partial blocks. With the software implementation, there is no such
delay.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 21:34:33 +02:00
Gilles Peskine
9461e45a17 Add output parameter to mbedtls_gcm_finish 
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output parameter to
mbedtls_gcm_finish() to allow such implementations to pass the final
partial block back to the caller. With the software implementation,
this final output is always empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 18:41:38 +02:00
Gilles Peskine
441907ec30 Remove alignment requirement for mbedtls_gcm_update: documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-15 18:41:38 +02:00
Bence Szépkúti
8072db2fcb Add changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-04-15 17:32:16 +02:00
Steven Cooreman
5be864f645 Add changelog for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-04-15 15:06:52 +02:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
Mateusz Starzyk
4222682672 Uniformize ChangeLog entries. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-04-15 13:34:04 +02:00
TRodziewicz
720b659ea1 Changelog added 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-15 12:35:05 +02:00
Manuel Pégourié-Gonnard
247745ffc4 Revert "Changelog added" 
This reverts commit 0961e3db49.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-04-15 12:27:04 +02:00
Chris Jones
fdb588b3a7 Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der 
An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.

Apply the same fix from ae3741e8a to fix the bug.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-04-15 11:19:56 +01:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing 
Remove deprecated things from hashing modules
 2021-04-15 10:13:32 +02:00
TRodziewicz
06fe88e672 Changelog added. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-13 23:22:25 +02:00
TRodziewicz
29fd277f36 New line added at the end of the Changelog file. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-13 18:13:02 +02:00
TRodziewicz
53423c097e Changelog added 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-13 16:27:43 +02:00
TRodziewicz
0961e3db49 Changelog added 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-12 17:19:43 +02:00
Gilles Peskine
8f28c24b4a Explain the problem in more concrete terms 
Don't try to make the reader guess what a “negative zero” might mean.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-09 20:20:26 +02:00
Gilles Peskine
fd4fab0b24 mbedtls_mpi_read_string("-0") no longer produces a "negative zero" 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-09 17:13:15 +02:00
TRodziewicz
40de3c99c0 Fix Changelog, add separate test functions for hash of all-zero bits 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-07 19:16:18 +02:00
Dave Rodgman
bd069163be Fix line lengths in changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 16:38:31 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
 2021-04-07 16:31:09 +01:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development 
RSA PSS signature generation with the option to specify the salt length
 2021-04-06 21:36:06 +02:00
TRodziewicz
5feb6702dd Fix the Changelog and extend tests to cover the hash of all-bits zero 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-04-06 19:56:42 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code 
Fix error code when creating/registering a key with invalid id
 2021-04-06 18:46:30 +02:00
Ronald Cron
602f986511 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:55:04 +02:00
Gilles Peskine
e8a2fc8461 Enforce dhm_min_bitlen exactly, not just the byte size 
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-01 14:20:03 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162 
PSA Update return code for non-existing key in various key operations
 2021-04-01 13:27:31 +02:00
Maulik Patel
f41be14269 Add Change log entry for bug fix. 
Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
 2021-04-01 10:01:32 +01:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175 
Fix premature fopen() call in mbedtls_entropy_write_seed_file
 2021-03-30 17:33:08 +02:00
Steven Cooreman
a71e369f2d Add changelog entry for #4217 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-29 15:46:55 +02:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers 
Unify internal headers in library/
 2021-03-29 11:18:54 +02:00
Chris Jones
8d2bc90b4e Add changelog entry for alt implementors 
Files available for use by alt implementations have been moved and renamed
so alt implementators should be told about the changes specific to them.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-19 15:17:23 +00:00
Chris Jones
d02f4c2e44 Reword move_internal_headers changelog entry 
Reword the changelog entry to tailor it for users of the library as
opposed to developers of the library.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-19 15:15:18 +00:00
TRodziewicz
782a7eab14 ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-03-17 11:36:31 +01:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls. 
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272 Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
7e37338dda Drop single-DES ciphersuites. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e Drop support for RC4 TLS ciphersuites. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d Drop support for TLS record-level compression. 
Remove option MBEDTLS_ZLIB_SUPPORT.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560 Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT). 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3. 
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:19:05 +01:00
Ryan LaPointe
59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server 
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
 2021-03-15 16:43:08 -04:00
Mateusz Starzyk
9e9ca1a738 Drop support for parsing SSLv2 ClientHello. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-15 11:40:28 +01:00
Dave Rodgman
e483a77c85
Merge pull request #816 from ARMmbed/development 
Merge recent commits from development into 2.26.0-rc
 2021-03-12 16:55:26 +00:00
Chris Jones
ca38fabf0c Add move_internal_headers changelog 
Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-12 09:57:26 +00:00
Paul Elliott
9907e2c334 Improve wording of ChangeLog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:14:10 +00:00
Paul Elliott
3949065aef Fix incorrect case in changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:00:32 +00:00
Paul Elliott
6f21e11265 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-10 17:00:32 +00:00
paul-elliott-arm
0135516d55
Merge pull request #4203 from paul-elliott-arm/memsan_fix_build 
Fix memsan build with Clang 11
 2021-03-09 16:31:31 +00:00
Dave Rodgman
74755e484c Update Changelog for 2.26.0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-03-08 18:35:44 +00:00
Dave Rodgman
b4fe1053e4 Add missing changelog entry 
Add missing changelog entry for 3698: Mark basic constraints critical
as appropriate.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-03-08 18:34:24 +00:00
Dave Rodgman
2d83ac100d Add a missing changelog entry 
Add a missing changelog entry for #3996: Allow loading external wrapped
keys.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-03-08 18:34:16 +00:00
Dave Rodgman
5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead 
Add support for key policies (MAC & AEAD)
 2021-03-08 15:04:17 +01:00
Paul Elliott
fb91a48616 Fix memsan build with clang 11 
Memsan build was reporting a false positive use of uninitialised memory
in x509_crt.c on a struct filled by an _stat function call. According to
the man pages, the element reported has to be filled in by the call, so
to be safe, and keep memsan happy, zero the struct first.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-05 14:24:03 +00:00
TRodziewicz
9edff740e1 Fix EC J-PAKE failing when the payload is all-bits-zero 
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met.

Fix #1792

Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
 2021-03-04 18:19:48 +01:00
Paul Elliott
a5dce14291 Fixup changelog formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-04 14:24:57 +00:00
Mateusz Starzyk
7d48b28218 Remove 1.3 to 2.0 transition helpers files. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-03 11:00:34 +01:00
Steven Cooreman
7de9e2db1f Language / verbiage fixes 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
 2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4 Style and language updates after review 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies 
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
 2021-03-01 16:00:31 +01:00
Gilles Peskine
ddf4374879 Fix stack buffer overflow in net functions with large file descriptor 
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.

Fix #4169

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-25 15:56:48 +01:00
Paul Elliott
b4e4bfdd00 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-02-25 10:47:56 +00:00
Gilles Peskine
b15832160b Make entropy double-free work 
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-23 11:27:03 +01:00
Gilles Peskine
4337a9cb18 Document mutex usage for RSA 
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Gilles Peskine
1226ecef01 Changelog entry for RSA mutex usage fix 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Gilles Peskine
71edf749e1 Changelog entry for DRBG mutex usage fix 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-22 19:24:03 +01:00
Dave Rodgman
d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls 
Expose the PSA RNG in mbedtls
 2021-02-22 14:47:29 +00:00
Gilles Peskine
d548d964db Clarify where mbedtls_psa_get_random might be useful 
Also fix some typos.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-16 15:46:06 +01:00
Gilles Peskine
e3ed802138 Expose mbedtls_psa_get_random() 
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-16 15:39:48 +01:00
Gilles Peskine
bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage 
Allow tweaking PSA_KEY_SLOT_COUNT
 2021-02-16 12:52:24 +01:00
Manuel Pégourié-Gonnard
baf4fc8c87
Merge pull request #4115 from mstarzyk-mobica/const_changelog 
Add changelog for applying missing const attributes to the API.
 2021-02-16 10:46:17 +01:00
Manuel Pégourié-Gonnard
495ef98b24
Merge pull request #3976 from devnexen/fbsd_dfly_upd 
Implements getrandom's wrapper for handful of BSD.
 2021-02-16 09:41:55 +01:00
Steven Cooreman
863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-02-15 14:26:44 +01:00
David Carlier
4971c3fce7 Changelog entry. 
Signed-off-by: David Carlier <devnexen@gmail.com>
 2021-02-15 13:13:13 +00:00
Steven Cooreman
7976574f82 Allow tweaking PSA_KEY_SLOT_COUNT 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-02-15 13:58:27 +01:00
Gilles Peskine
59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak 
Fix memory leak in error case in psa_crypto
 2021-02-15 11:38:13 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client 
Psa crypto client
 2021-02-15 10:46:35 +01:00
Paul Elliott
d17062e6bf Correct english in changelog. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-02-12 14:48:16 +00:00
Mateusz Starzyk
b22a31f805 Add changelog for applying missing const attributes to the API. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-02-11 17:13:12 +01:00
Mateusz Starzyk
0fdcc8eee9 Remove Havege module. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-02-11 14:17:07 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros 
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-02-11 11:39:31 +01:00
Paul Elliott
da3e7db495 Fix memory leak in error case in psa_crypto 
In psa_generate_derived_key_internal() an error case was returning
directly rather than jumping to the exit label, which meant that an
allocated buffer would not be free'd.

Found via coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-02-09 19:03:47 +00:00
Ronald Cron
07907ae84e Add change log entry 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-02-09 15:36:14 +01:00
Gilles Peskine
2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED 
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-08 18:43:26 +01:00
Janos Follath
6a32ad83e3
Merge pull request #4094 from d-otte/development 
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
 2021-02-02 16:15:07 +00:00
Daniel Otte
da43d78017 adjusting Changelog entry for PR #4094 
Signed-off-by: Daniel Otte <d.otte@wut.de>
 2021-02-02 12:38:26 +01:00
Daniel Otte
21cbe4a494 adding entry file to ChangeLog.d for PR4094 
Signed-off-by: Daniel Otte <d.otte@wut.de>
 2021-02-01 18:47:22 +01:00
Gilles Peskine
c8a9177110 mbedtls_mpi_sub_abs: fix buffer overflow in error case 
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-02-01 17:28:03 +01:00
Gilles Peskine
53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback 
Add a flag for disabling software fallback in ecp.c
 2021-01-29 16:08:51 +01:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames 
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
 2021-01-29 09:31:59 +01:00
gabor-mezei-arm
47278ee8f8
Add changelog entry 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-01-21 14:03:57 +01:00
Steven Cooreman
6226a12acc Documentation update for MBEDTLS_ECP_NO_FALLBACK 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-01-21 13:58:31 +01:00
Cédric Meuter
ff3db6a5cf Removed trailing whitespace 
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
 2021-01-10 15:40:33 +01:00
Cédric Meuter
ad27fb03b5 Added changelog entry 
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
 2021-01-10 13:33:14 +01:00
Steven Cooreman
97b4984657 Add a flag for disabling fallback in ecp.c 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-01-08 16:43:43 +01:00
Gilles Peskine
ae3741e8a4 Fix an incorrect error code if RSA private operation glitched 
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-01-06 18:22:40 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random 
Alternative random generator support for PSA
 2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard
75fdd0640f
Merge pull request #3973 from stroebeljc/development 
Fixed seed variable concatenation pointer.
 2021-01-06 10:07:52 +01:00
stroebeljc
03ee3834a0 Updated change description as suggested by @gilles-peskine-arm. 
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
 2021-01-05 11:28:30 -06:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak 
PSA Crypto: Don't skip key data removal when SE driver is not in use
 2021-01-05 16:55:52 +01:00
stroebeljc
e67ba98581 Fixed verb tense in change log. 
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
 2021-01-04 18:19:29 -06:00
stroebeljc
2b50d78972 Fixed incorrect change log formatting. 
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
 2021-01-04 18:17:35 -06:00
stroebeljc
d4de1b5d4e Updated per comments from @gilles-peskine-arm. 
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
 2021-01-04 18:14:32 -06:00
ENT\stroej1
6a5f10cdc7 Added ChangeLog entry for related issue. 
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
 2020-12-24 12:39:13 -06:00
Fredrik Strupe
462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use 
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
 2020-12-17 11:05:36 +01:00
Bence Szépkúti
0bd9d226bc Add Changelog entry 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2020-12-16 15:02:50 +01:00
Janos Follath
7ac5fd1861 Assemble ChangeLog 
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2020-12-09 15:03:46 +00:00
Janos Follath
248900d9b9 Fix Changelog format 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2020-12-09 15:03:03 +00:00
Janos Follath
debe71988f Add missing ChangeLog entries 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2020-12-09 15:02:45 +00:00
Janos Follath
a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine
6d5c7bc69a
Merge pull request #3898 from paul-elliott-arm/fix_pem_write 
Remove Extraneous bytes from buffer post pem write
 2020-12-08 12:31:40 +01:00
Gilles Peskine
2b759626a9
Merge pull request #3948 from bensze01/update_psa_values 
Update the values of PSA Crypto API macros to version 1.0.0
 2020-12-08 11:03:33 +01:00
Bence Szépkúti
6879f42be4 Add changelog 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2020-12-08 00:24:41 +01:00
Paul Elliott
557b8d663a Remove Extraneous bytes from buffer post pem write 
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2020-12-07 17:29:42 +00:00
Ronald Cron
771090659e
Merge pull request #3393 from geecrypt/development 
Support set *_drbg reseed interval before seed
 2020-12-07 14:29:52 +01:00
Gilles Peskine
22a191199d NIST_KW in cipher: credit the reporter 
This issue was found by Guido Vranken's Cryptofuzz running on the
OSS-Fuzz platform.

Fix #3665

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-07 14:26:07 +01:00
Janos Follath
3aae5d4ed7
Merge pull request #781 from mpg/cipher-auth-crypt-restricted 
Fix buffer overflow with NIST-KW in cipher layer
 2020-12-07 12:58:36 +00:00
Janos Follath
7973e2b358
Merge pull request #772 from chris-jones-arm/development-restricted 
Fix Diffie-Hellman large key size DoS
 2020-12-07 09:28:55 +00:00
Gilles Peskine
e410bf7320 Add changelog entry for the memory management fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-12-06 22:32:02 +01:00
gacquroff
1bfeb8a837 Add changelog entry file for bugfix 2927 
Signed-off-by: gacquroff <gavina352@gmail.com>
 2020-12-03 12:28:25 -08:00
Chris Jones
add9948784 Fix whitespace in changelog entry 
Extra whitespace and a missing newline at end of file was causing an error with
`check_files.py`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2020-12-03 15:45:29 +00:00
Manuel Pégourié-Gonnard
6df90523e1 Add ChangeLog entries for auth_crypt changes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-12-03 13:00:58 +01:00
Gilles Peskine
227366b4b0 Merge branch 'development' into development-restricted 2020-12-03 12:39:44 +01:00
Gilles Peskine
54a6f23393
Merge pull request #3930 from ccvca/fix_missing_argument 
Fix: Add missing arguments to debug message.
 2020-12-03 12:29:03 +01:00
Gilles Peskine
a282984c3d
Merge pull request #773 from paul-elliott-arm/discrepancy_cert 
Add missing tag check to signature check on certificate load
 2020-12-03 12:19:39 +01:00
Manuel Pégourié-Gonnard
489c058b52 Merge branch 'development' into development-restricted 
* development: (488 commits)
  Fix removal of deprecated PSA constants
  Use GitHub-compatible table formatting
  Remove psa header files in uninstall part
  Change function casting in `ssl_calc_finished_tls_sha384`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Add changelog entry file to `ChangeLog.d`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Fix GCC warning about `test_snprintf`
  Fix mismatched function parameters (prototype/definition)
  Fix build failure on gcc-11
  Copyediting
  Clarifications around key import
  Fix copypasta
  A variable is unused in some configurations
  Rename test_driver_keygen to test_driver_key_management
  Move "internal use" sentence attached to the wrong function
  Added changelog
  Plug in the entry point for public key export through driver
  tests: psa: Reset key attributes where needed
  Improve/fix documentation
  ...
 2020-12-03 09:59:42 +01:00
Chris Jones
16187a21be Add ChangeLog entry for modular exponentiation size limit 
Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2020-12-02 15:25:27 +00:00
Christian von Arnim
883d304785
Fix: Add missing arguments to debug message. 
Signed-off-by: Christian von Arnim <christian.von-arnim@isw.uni-stuttgart.de>
 2020-12-02 10:13:02 +01:00
Paul Elliott
ca17ebfbc0 Add tag check to cert algorithm check 
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2020-11-26 16:34:16 +00:00
Gilles Peskine
436400eec3 Handle random generator failure in mbedtls_mpi_fill_random() 
Discuss the impact in a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-25 17:30:46 +01:00
Rodrigo Dias Correa
683028a2f7 Add changelog entry file to ChangeLog.d 
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
 2020-11-25 01:13:12 -03:00
Gilles Peskine
68cc434c11 PSA support for HMAC_DRBG: changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-11-23 17:42:54 +01:00
Gilles Peskine
9aaa3e164a
Merge pull request #3786 from stevew817/feature/generate_pubkey_in_driver 
Add export_public_key entry point for drivers
 2020-11-23 11:54:53 +01:00