David Horstmann
b6ff8a2c4b
Add ChangeLog entry for string-to-OID parsing
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 12:10:36 +01:00
Przemek Stekiel
6cec5e9d9e
Add changelog entry (PSA initialization in sample programs)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:03:30 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
...
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function
...
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
2023-04-17 15:41:25 +02:00
harshal.patil
8c77644906
ecdsa: fix -missing-prototypes
warning when MBEDTLS_ECDSA_SIGN_ALT
is defined
...
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.
Signed-off-by: harshal.patil <harshal.patil@espressif.com>
2023-04-17 12:53:00 +05:30
Eugene K
3208b0b391
add IP SAN tests changes per mbedTLS standards
...
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
2023-04-11 08:29:42 -04:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing
...
Add missing md.h includes
2023-04-11 09:32:17 +02:00
Ronald Cron
4d31496294
Update TLS 1.3 documentation and add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Andrzej Kurek
468a99ed0b
Add a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-06 03:04:15 -04:00
toth92g
d96027acd2
Correcting documentation issues:
...
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
to avoid malfunction in case of trailing garbage
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
27f9e7815c
Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
...
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
...
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
3a3a756431
adding missing newline at the end of changelog file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 10:55:29 +02:00
Valerio Setti
0a7ff791a6
add Changelog
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 09:18:41 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function
...
Add milliseconds platform time function
2023-03-31 11:47:37 +01:00
Andrzej Kurek
9fa1d25aeb
Add changelog entry for directoryname SAN
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:38:47 -04:00
Paul Elliott
d01a3bca05
Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
...
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Manuel Pégourié-Gonnard
a71594538f
Add a ChangeLog entry for driver-only hashes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Przemek Stekiel
ebfeb172ee
Add change log entry (j-pake user/peer accept any values)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Paul Elliott
dbe435cda0
Assemble Changelog for 3.4.0 release
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:46:10 +00:00
Tom Cosgrove
4903139bc4
Add security entry to ChangeLog for AES-NI
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:43:40 +00:00
Tom Cosgrove
a9c58584be
Add security entry to ChangeLog for AES-CE
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:42:17 +00:00
Paul Elliott
e214827347
Add TLS1.2 Opaque ECJPAKE changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-22 15:03:32 +00:00
Valerio Setti
89029e7366
changelog: fix description for ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
8427b56d71
added changelog for accelerated ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Paul Elliott
1b5957165a
Add Changelog for PSA to Mbed TLS error translation unification
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 16:38:31 +00:00
Tom Cosgrove
c4d759b697
Update AESCE changelog entry
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 16:31:18 +00:00
Tom Cosgrove
dcc0ee1a1e
Update changelog entry, splitting into two sections
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 15:52:20 +00:00
Jerry Yu
8d3fa9bd7b
Add changelog entry for #6932 and #7203
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-21 15:52:08 +00:00
Paul Elliott
3201f56952
Rename misnamed changelog entries
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:46:33 +00:00
Paul Elliott
f1eb5e2a04
Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
...
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
...
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Manuel Pégourié-Gonnard
e9a60224fd
Add ChangeLog entry for driver-only EC J-PAKE
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-20 10:03:55 +01:00
Yanray Wang
b46ccf235c
fix line length of ChangeLog
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-20 12:41:10 +08:00
Dave Rodgman
f992e6fe38
Changelog for AESCE support
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:38 +00:00
Dave Rodgman
8a7ed6951d
Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:58:11 +08:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
...
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Gilles Peskine
74b4223c81
Announce the expanded AESNI support
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:50:15 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
...
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Demi Marie Obenour
889534a4d2
Fix segfault in mbedtls_oid_get_numeric_string
...
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value. This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.
Also check that second and subsequent subidentifiers are terminated, and
add a test case for that. Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Janos Follath
0086f8626a
Add changelog entry
...
PR7083 silently fixed a security vulnerability in public, this commit
adds a changelog entry for it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-15 13:31:48 +00:00
Dave Rodgman
a94c90d30d
Merge pull request #7282 from gilles-peskine-arm/changelog-6567-psa_key_derivation_abort-no-other_secret
...
Add changelog entry for a bug in non-PAKE code fixed during PAKE work
2023-03-15 09:27:33 +00:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
...
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
Pengyu Lv
db47f2fbd4
Add changelog entry for new API
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 15:01:36 +08:00
Gilles Peskine
51b2868f3c
Add changelog entry for a bug in non-PAKE code fixed during PAKE work
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-14 21:41:54 +01:00
Gilles Peskine
215ecd0439
Merge pull request #7252 from daverodgman/enable_pkcs7
...
Enable PKCS 7
2023-03-14 10:39:50 +01:00
Paul Elliott
e4622a3436
Merge remote-tracking branch 'development/development' into development-restricted
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-13 17:49:32 +00:00
Przemek Stekiel
a11c1d141e
Reword change log entry
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:21:40 +01:00
Dave Rodgman
756b028511
Merge pull request #7171 from daverodgman/pr5527
...
Fix undefined behavior in ssl_read if buf parameter is NULL
2023-03-13 10:46:29 +00:00
Jerry Yu
3373ccaa18
Update changelog
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 11:39:43 +08:00
Przemek Stekiel
8b429ba414
Add change log entry (EC j-pake driver dispatch)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
9cc1786e46
Add chenage log entry for j-pake user/peer partial fix
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:20 +01:00
Dave Rodgman
957cc36be9
Improve wording; use PKCS #7 not PKCS7
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306
Apply suggestions from code review
...
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
d12b592bc1
Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard
c2495f78e6
Add a ChangeLog entry for driver-only ECDSA
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:16 +01:00
Przemek Stekiel
89e268dfb9
Add change log entry (SubjectAltName extension in CSR)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:17 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform
...
Use platform-provided secure zeroization
2023-03-06 09:16:12 +00:00
Pol Henarejos
f61d6c0a2b
Merge branch 'development' into sha3
2023-03-04 00:03:06 +01:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt
...
Allow alternative names for overridable PSA headers
2023-03-03 12:37:51 +00:00
Jerry Yu
8049346989
Add change log entry for mbedtls_ms_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-03 11:19:07 +08:00
Gilles Peskine
cc29bfd92a
Bug fixes from the split of ssl_handle_hs_message_post_handshake
...
The split of ssl_handle_hs_message_post_handshake() into
ssl_tls12_handle_hs_message_post_handshake() and
ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs.
Add a changelog entry for those bugs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-01 19:49:58 +01:00
Dave Rodgman
dd4427cc5b
Merge pull request #7169 from AndrzejKurek/mpi-window-size
...
Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2
2023-02-27 17:12:38 +00:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name
...
Add parsing of x509 RFC822 name + test
2023-02-27 14:16:13 +00:00
Dave Rodgman
bf0597f804
Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:45:41 +00:00
Dave Rodgman
fd8929cfd1
Improve changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 15:57:30 +00:00
Ashley Duncan
88240e769f
Added changelog entry.
...
Signed-off-by: Ashley Duncan <ashley.duncan@evnex.com>
2023-02-24 15:57:30 +00:00
Andrzej Kurek
86f30ff626
Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2
...
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790 ,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-24 07:51:21 -05:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
...
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Gilles Peskine
b1176f2583
Allow alternative names for overridden PSA headers
...
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-22 22:07:28 +01:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug
...
Fix bugs in OID to string conversion
2023-02-21 23:16:44 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
...
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Ronald Cron
d89360b87b
Fix and improve documentation, comments and logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-21 14:57:25 +01:00
Przemek Stekiel
d7820b7026
Add change log entry: SAN rfc822Name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Ronald Cron
675d97d42e
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
...
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Paul Elliott
e04e15b766
Add Changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
David Horstmann
21b8387929
Add ChangeLog for OID-to-string fixes
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 13:07:49 +00:00
Gilles Peskine
4386cf188d
Changelog entry for pacifying clang -Wdocumentation about \retval
...
Fixes #6960
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-14 19:26:56 +01:00
Paul Elliott
1748de160a
Fix IAR Warnings
...
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-13 15:35:35 +00:00
Andrzej Kurek
3e8f65a7e2
Add a changelog entry for URI SAN parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:21:20 -05:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
...
Make the fields of mbedtls_pk_rsassa_pss_options public
2023-02-10 15:08:06 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
...
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc
...
Switch to the new coding style: documentation
2023-02-10 10:05:27 +01:00
Pol Henarejos
4e747337ee
Merge branch 'development' into sha3
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-07 19:55:31 +01:00
Hanno Becker
dc0e8b92f8
Add a ChangeLog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements
...
Minor improvements to `c_build_helper.py`
2023-02-07 10:25:59 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage
...
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
2023-02-06 09:53:50 +00:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
...
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Gilles Peskine
34c43a871f
Make the fields of mbedtls_pk_rsassa_pss_options public
...
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-02 23:06:37 +01:00
Aditya Deshpande
3b18a29c13
Amend changelog entry
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-02 09:06:00 +00:00
David Horstmann
a43e332fe4
Fix near-tautological repetition in ChangeLog
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-01 13:39:57 +00:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum
...
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701 ).
2023-02-01 11:36:25 +01:00
Aaron M. Ucko
a2b674f9a7
Simplify ChangeLog entry for mbedtls_mpi_sub_abs fix.
...
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-01-31 15:31:18 -05:00
Aditya Deshpande
d05aa0fc60
Add changelog entry
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 17:22:07 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
...
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
David Horstmann
6fcc77cf5e
Add ChangeLog for c_build_helper improvements
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-27 19:53:49 +00:00
Przemek Stekiel
3022370896
Add changelog entry for V3 extensions in CSR
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-27 16:06:08 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
...
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Valerio Setti
af4815c6a4
x509: replace/fix name of new function for setting serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Dave Rodgman
fd09b31011
Add Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:41:43 +00:00
Gilles Peskine
bb3814c7a8
Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS
...
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.
This is tested by test_suite_psa_crypto_op_fail.generated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:23 +01:00
Gilles Peskine
ecaa7ca507
Add missing supported algorithm to psa/crypto_config.h
...
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Aaron M. Ucko
af67d2c1cf
mbedtls_mpi_sub_abs: Skip memcpy when redundant ( #6701 ).
...
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-01-17 11:52:22 -05:00
Gilles Peskine
12f4122068
Announce coding style change in the changelog
...
It doesn't affect users, but it affects some other external consumers of the
library.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-13 12:04:14 +01:00
Valerio Setti
791bbe629d
programs: improved cert_write serial management
...
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
ea19d2db73
changelog: fixed typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
903b6aa87d
Changelog: list changes in x509write_crt module
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Dave Rodgman
05bdb13be3
Update README and add changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
...
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
f9c8d76db6
Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script
...
Make generate_errors.pl handle directory names containing spaces when opening files
2023-01-10 22:09:58 +01:00
Dave Rodgman
bbbd803c2e
Add Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-10 10:08:12 +00:00
Thomas Daubney
1efe4a874d
Add ChangeLog entry
...
Add ChangeLog entry documenting bugfix.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-01-10 09:35:39 +00:00
Jerry Yu
3e60cada5d
Improve comment and changlog
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-10 14:58:08 +08:00
Jerry Yu
99e902f479
Add changlog entry.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 20:20:35 +08:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
...
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
62e1ebbbc7
changelog: fix text error
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-28 13:28:42 +01:00
Valerio Setti
fe6c19b69c
added changelog file for PR #6784
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 15:05:27 +01:00
Manuel Pégourié-Gonnard
2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y
...
mbedtls_ecp_point_read_binary from compressed fmt
2022-12-22 10:20:31 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday
...
Fix gettimeofday overflow
2022-12-20 16:01:53 +00:00
Dave Rodgman
327b69c8a2
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-20 13:16:34 +00:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
...
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
...
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir
...
Install CMake files in MbedTLS dir
2022-12-14 10:30:52 +01:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned
...
Fast unaligned memory access macros
2022-12-12 12:18:17 +01:00
Dave Rodgman
852191e0b5
Improve Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-09 14:24:33 +00:00
Manuel Pégourié-Gonnard
67bad73e87
Add a ChangeLog entry for the ECDSA deterministic change
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Dave Rodgman
69591e9207
Assemble changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-08 14:59:54 +00:00
Dave Rodgman
a5b2c52885
Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr
2022-12-08 14:10:59 +00:00
Dave Rodgman
b74aa5a224
Add Changelog for Arm compile fix
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-08 13:43:08 +00:00
Dave Rodgman
98be95563d
Merge pull request #6689 from gilles-peskine-arm/changelog-20221129-pre-3.3
...
Changelog improvements for 3.3
2022-12-06 13:37:24 +00:00
Gilles Peskine
77d3057c6d
More grammar fixes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-06 11:25:09 +01:00
Dave Rodgman
acbb6dc364
Merge remote-tracking branch 'origin/development' into merge-dev
2022-12-05 10:59:23 +00:00
Issam E. Maghni
760f3a0a48
Install CMake files in MbedTLS dir
...
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.
I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.
Here are some examples of projects using directories:
- https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
- https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
- https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
- https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162
Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2022-12-04 03:00:38 +00:00
Gilles Peskine
cf0074b2c8
More wording improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
afb15206b5
Wording clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
f3cc9d925f
Improve "codegen 1.1" entry
...
"version 1.1 of #5137 " is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.
Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
723bee67b2
Wrap lines to 79 columns max
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
5ba1697e8a
Put behavior change in the correct category
...
"Changes" is for miscellaneous stuff that doesn't affect backward
compatibility.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
6593c7e1cb
Clarify PSS sigalg entry
...
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
29a56a1251
Clarify ASN.1 entry named data free functions
...
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
6d069afe6b
Clarify that these two entries are about CMake
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:52 +01:00
Gilles Peskine
20c1f03dd5
Improve wording, punctuation, etc.
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 19:56:47 +01:00
Dave Rodgman
bc5f03dabc
Disable PKCS7 by default; improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:32:23 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
...
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
2022-12-01 11:40:52 +00:00
Dave Rodgman
7f62f36f82
Add changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 09:44:31 +00:00
Aditya Deshpande
5484e96117
Add changelog entry
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-30 15:56:42 +00:00
Gilles Peskine
787c79dc1a
Remove changelog entry for an internal change
...
We removed internal code left over after removing a feature in Mbed TLS 3.0.
The removal of the internal code is not user-visible.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 22:27:03 +01:00
Gilles Peskine
d622c7de56
Changelog entry files must have a .txt extension
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 22:18:05 +01:00
Manuel Pégourié-Gonnard
37d41c79b8
Add ChangeLog entry for DTLS Connection ID
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-29 10:20:15 +01:00
Andrzej Kurek
a6ab9d8b12
Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-28 03:55:27 -05:00
Gilles Peskine
898db6b8e5
Move ssl_debug_helpers_generated to the correct library
...
This is a private interface only, so it's an ABI change but not an API change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-26 14:15:32 +01:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
...
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
...
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
...
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Bence Szépkúti
12269e27b1
Add changelog for PKCS7 parser
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-11-25 05:51:40 +01:00
Manuel Pégourié-Gonnard
fecc6b2fe4
Minor tune-up to ChangeLog & documentation
...
- fix a recurring typo
- use clearer names
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-24 09:40:12 +01:00
Gilles Peskine
42649d9270
Fix NULL+0 undefined behavior in ECB encryption and decryption
...
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
3518fb11d0
Improve ChangeLog entry for driver-only hashes
...
- avoid long unstructured paragraph with long messy sentences
- de-emphasize "no longer depends on MD" and emphasize "can work in
some driver-only builds" instead - that's what users are interested in
(building without MD is just the current way to accomplish that, but
that will change in the future)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-23 13:23:28 +01:00
Manuel Pégourié-Gonnard
660b396e41
Merge pull request #975 from yanesca/issue-946
...
Fix RSA side channel
2022-11-23 10:30:35 +01:00
Janos Follath
33480a372b
Changelog: expand conference acronym for clarity
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
74369b2497
Add paper title to Changelog
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b3608afe29
Add ChangeLog entry
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Manuel Pégourié-Gonnard
18a3856a03
Document another limitation of driver-only hashes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-22 11:59:55 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
...
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
...
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Paul Elliott
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Ronald Cron
5dc7999946
Simplify the change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-17 14:51:52 +01:00
Tom Cosgrove
0f0b548519
Limit ChangeLog entry to 80 characters
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-16 14:23:51 +00:00
Ronald Cron
9a1396bfcc
Add ChangeLog
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 11:04:48 +01:00
Gilles Peskine
af601f9751
Fix undefined behavior with the most negative mbedtls_mpi_sint
...
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:02:14 +01:00
Gilles Peskine
db14a9d180
Fix NULL+0 in addition 0 + 0
...
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:00:21 +01:00
Gilles Peskine
806c9588ef
Changelog entry for the negative zero from add/sub
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:36:18 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1
...
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
2022-11-15 12:38:41 +01:00
Aditya Deshpande
bd2bfa92bd
Add Changelog entry
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-10 15:30:12 +00:00
Gilles Peskine
4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex
...
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
2022-11-08 17:11:07 +01:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free
...
Shared code to free x509 structs like mbedtls_x509_named_data
2022-11-08 12:20:20 +01:00
Glenn Strauss
82ba274c01
Deprecate mbedtls_asn1_free_named_data()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-07 15:42:44 -05:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
...
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1
...
Driver dispatch Codegen 1.1
2022-11-07 15:27:41 +01:00
Asfandyar Orakzai
9b656d3c80
removed stray whitespaces from change logs
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:39:36 +01:00
Asfandyar Orakzai
65cd8a4a23
fixed formating issues in psa_crypto_code_gen_1_1.txt
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:16:40 +01:00
Asfandyar Orakzai
4f63ac4358
fixed changelog formating
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 10:18:05 +01:00
Asfandyar Orakzai
ee2b637d03
Fixed change log issue
...
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 21:50:27 +01:00
Dave Rodgman
5875f5f96b
Add Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:28:03 +00:00
Dave Rodgman
e8734d8a55
Apply suggestions from code review
...
Two spelling fixes (changelog & a comment)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-31 14:30:24 +00:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
...
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
...
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Jerry Yu
12f5c6b2bc
Add changelog entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 17:57:06 +08:00
Glenn Strauss
a4b4041219
Shared code to free x509 structs
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Dave Rodgman
b3166f4b2f
Update Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:39:04 +01:00
Dave Rodgman
d7dfc0922e
Update Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:38:05 +01:00
Dave Rodgman
169ae4f528
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-28 11:24:29 +01:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc
...
TLS 1.3: Update documentation for the coming release and misc
2022-10-28 11:09:03 +02:00
Dave Rodgman
ce48c92c6c
Credit Cryptofuzz in the changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 20:37:23 +01:00
Dave Rodgman
5d13e5e568
Improve changelog for ECDSA verify fix
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 20:34:21 +01:00
Ronald Cron
85b9e09525
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-26 15:18:37 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
...
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup
...
The Open CI ran successfully thus I think we can ignore the internal CI.
2022-10-26 14:27:54 +02:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
...
Add LMS implementation
2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
...
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Raef Coles
2ad6e611f0
Update LMS/LMOTS documentation
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:20 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
...
Also an LM-OTS implementation as one is required for LMS.
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
...
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Pol Henarejos
c9754c3ec1
Merge branch 'Mbed-TLS:development' into sha3
2022-10-13 08:28:13 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
...
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Przemek Stekiel
ea37bb2403
Add changelog entry
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-12 11:17:41 +02:00
Gilles Peskine
fcee740b83
Automatically enable PK_PARSE for RSA in PSA
...
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
Gilles Peskine
fd94304f9d
PSA RSA needs pk_write
...
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:09:12 +02:00
Przemek Stekiel
1f02c6c25e
Reword change log entry
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 13:30:52 +02:00
David Horstmann
05bb2c5d0e
Add ChangeLog entry for memory leak fix
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-05 12:09:18 +01:00
Przemek Stekiel
e32cd44490
Add changelog entry: tls 1.2 builds with single encryption type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 09:46:35 +02:00
Glenn Strauss
2ff77119df
mbedtls_ecp_point_read_binary from compressed fmt
...
mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-03 05:43:27 -04:00
Tom Cosgrove
51a0163828
Add ChangeLog entry
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-30 18:10:58 +01:00
Victor Barpp Gomes
00a02b1468
Add Changelog entry
...
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
2022-09-29 13:52:55 -03:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Ronald Cron
cba39a386f
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 19:10:39 +02:00
Andrzej Kurek
f13925c022
Add a changelog entry for ECJPAKE to PMS KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-27 05:16:10 -04:00
Gilles Peskine
8c2d236117
Merge pull request #6188 from N3xed/fix/windows-different-drives-build-error
...
Copy files instead of hard-linking on Windows
2022-09-23 17:03:50 +02:00
Manuel Pégourié-Gonnard
c998e43eb4
Add ChangeLog entry about driver-only hashes.
...
(The first entry will need editing if support for ENTROPY_C is sorted out
before the next release.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Gilles Peskine
d6355caa8f
Include platform.h unconditionally: fixes undefined mbedtls_setbuf
...
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118 , #6196 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Neil Armstrong
19bb9913c2
Update changelog entry for new PSA PAKE feature
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
bb28c56796
Add changelog entry for new PSA PAKE feature
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit
...
ctr_drbg: fix free uninitialized aes context
2022-08-24 14:58:44 +01:00
Dave Rodgman
d106308c83
Changelog for ECDSA verify fix
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-19 11:16:37 +01:00
Dave Rodgman
273efeb0eb
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed
...
Since 11e9310
add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.
Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-11 16:38:45 +08:00
Dominik Gschwind
c6d16362f3
Copy files instead of hard-linking on Windows
...
Fixes an issue on Windows where when source and build directory are on different drives hard-linking
to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also
not possible because it requires administrator privileges on Windows.
The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command.
As this command only operates on files, if a directory is specified the files will be globbed recursively
and through symlinks.
Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>
2022-08-10 16:27:14 +02:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
...
Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
384f1e61f7
Merge pull request #5950 from savent404/development
...
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 10:52:31 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
...
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Gilles Peskine
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink
...
x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00
Gilles Peskine
7e1ee0f04b
Merge pull request #6114 from mman/development
...
Use double quotes to include private header file psa_crypto_cipher.h
2022-08-03 13:04:57 +02:00
Martin Man
4741e0b56c
Use double quotes to include private header file psa_crypto_cipher.h
...
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
2022-08-02 12:44:35 +02:00
Aditya Patwardhan
3096f331ee
Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED
is
...
enabled
Added the changelog.d entry
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-08-02 11:15:18 +05:30
savent
5d8adab983
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
...
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.
Signed-off-by: savent <savent_gate@outlook.com>
2022-08-02 03:23:02 +00:00
Dave Rodgman
919ff15ecf
Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020
...
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined
2022-07-29 17:08:11 +01:00
Jerry Yu
eec4f03c60
fix typo and changelog entry issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
72a858517b
add changelog entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Dave Rodgman
257319a33e
Merge pull request #6133 from tom-cosgrove-arm/extend-query_compile_time_config-to-psa_want
...
Extend query_compile_time_config to PSA_WANT_xxx macros
2022-07-28 13:01:09 +01:00
Thomas Daubney
69576274cc
Add ChangeLog entry
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Tom Cosgrove
ff3c6c1a1a
Add parsing of psa/crypto_config.h for PSA_WANT_xxx to query_compile_time_config
...
Fixes #6131
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-25 12:19:35 +01:00
Dave Rodgman
a948f0588c
Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4
...
bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
2022-07-21 17:34:48 +01:00
Dave Rodgman
ecc1031dbf
Merge pull request #6086 from paul-elliott-arm/fix_cmake_no_gen_files
...
Fix linking of generated files in cmake
2022-07-20 16:13:42 +01:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy
...
Refactor AES context to be shallow-copyable
2022-07-20 15:16:37 +01:00
Dave Rodgman
c95cb6d6e5
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:08 +01:00
Paul Elliott
582f72bf3b
Fix linking of generated files in cmake
...
If generation of files is turned off, and a file is missing, when
building in tree with cmake, you can end up with the generated file
being turned into a symlink to itself. This will also break any future
attempt at building with make. Fix this by testing if the file exists
prior to attempting to link it.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-19 17:23:30 +01:00