Commit graph

908 commits

Author SHA1 Message Date
Jerry Yu
6dd2e34848 Add changelog entry
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-08 14:56:31 +08:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free
Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:04 +01:00
Tom Cosgrove
70245bee01 Add ChangeLog entry for fix to mbedtls_md_process() test
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:49 +00:00
Andrzej Kurek
3475b26375 Add a changelog entry
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8
build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:33 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93 Add changelog entry for zeroizing key buffers before freeing
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 16:53:11 +01:00
Andrzej Kurek
a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:36:40 -05:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8
Fixes https://github.com/ARMmbed/mbedtls/issues/4205

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-02-23 23:13:09 +01:00
Gilles Peskine
9cb08822a1 Minor clarification
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
e1a0c25f71 New function to access the TLS version from a context as an enum
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
915896f03c Add accessor function from mbedtls_ssl_context to the configuration
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
69477b5706 Add a field for application data to TLS structures
In structure types that are passed to user callbacks, add a field that the
library won't ever care about. The application can use this field to either
identify an instance of the structure with a handle, or store a pointer to
extra data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa
Cleanup PSA-based ECDHE in TLS 1.2
2022-02-15 09:09:07 +01:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
Ronald Cron
fb84e98fb4 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Glenn Strauss
a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:15 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
7599a7744e X.509: use PSA for hashing under USE_PSA_CRYPTO
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.

Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 11:27:42 +01:00
Manuel Pégourié-Gonnard
141be6cc7f Fix missing check on server-chosen curve
We had this check in the non-PSA case, but it was missing in the PSA
case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys
Swap the client and server random for TLS 1.3 f_export_keys
2022-01-28 12:09:19 +00:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-01-27 06:00:43 -08:00
Andrzej Kurek
76c185b0a3 Add a changelog entry regarding bugfixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:09:38 -05:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc
mbedtls_pk_parse_key: don't allocate if not needed
2022-01-24 10:03:48 +00:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-01-21 21:46:08 +01:00
Andrzej Kurek
ad40bb7f3f Add a changelog entry for forced MBEDTLS_PK_WRITE_C
Describe why and when it is enabled automatically.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:48 -05:00
Andrzej Kurek
f2d4e275a8 Add a changelog entry for the ChaCha20 default behavior change
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
2022-01-14 10:41:06 +01:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-13 00:05:48 -05:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Max Fillinger
8737ec2407 Add ChangeLog entry for md_info getter
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-12-28 16:53:40 +01:00
Glenn Strauss
cee11296aa Reset dhm_P and dhm_G if config call repeated
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2021-12-20 20:24:56 -05:00
Archana
4a9e02632a
Review comments addressed
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 13:37:37 +05:30
Archana
21b20c72d3
Add Changelog and update documentation
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Ronald Cron
831cf48abf Assemble change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:38 +01:00
Ronald Cron
acf0df81f2 Add change log for #4842
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:02 +01:00
Ronald Cron
be252a0da9 Add change log for #4859
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 08:43:53 +01:00
Ronald Cron
7e1cb129e8 Add change log for #4514
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 08:41:32 +01:00
Ronald Cron
2a4344d1fa Add change log for #4883
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-14 18:11:45 +01:00
Dave Rodgman
a53779dba4 Add missing changelog for ARIA (#4959)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
28e3bcf6e1 Fix misleading ChangeLog entry formatting.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 18:11:45 +01:00
Manuel Pégourié-Gonnard
4e511ede90 Double-free goes under security, not bugfix.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-12-14 18:11:45 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1
Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:30 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Gilles Peskine
36d33f37b6 Generalize MAC zeroization changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:43:11 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:59:45 +01:00
Gilles Peskine
c11192fcb2
Merge pull request #5290 from minosgalanakis/development
Document platform architecture portability constraints
2021-12-10 21:13:11 +01:00
Gilles Peskine
0ca219575a mbedtls_pk_parse_key: don't allocate if not needed
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 17:36:37 +01:00
Minos Galanakis
c10086e33e changelog: Addressed review comments #6
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2021-12-10 15:52:54 +00:00
Ronald Cron
6aeda5305c Add change log for TLS 1.3 MVP
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:48:12 +01:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Manuel Pégourié-Gonnard
49c20954e4
Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog
Add changelog entry for session copy bugfix
2021-12-09 09:21:28 +01:00
David Horstmann
e217edf49c Add changelog entry for session copy bugfix
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:32:59 +00:00
Manuel Pégourié-Gonnard
5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce
psa: aead: Fix invalid output buffer usage in generate_nonce()
2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv
Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:06 +01:00
Ronald Cron
0118627013 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:28:36 +01:00
Ronald Cron
6fd156aa6b Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:21:38 +01:00
Gilles Peskine
aa1e9857a5 Add changelog entry for build error fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-06 20:58:47 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters
Additional cipher_info getters
2021-12-03 17:21:51 +01:00
Paul Elliott
117282f25e Delete unneccesary changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-01 17:18:12 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl
Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:43 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:03:50 +00:00
Paul Elliott
472fd176a6 Fix Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:45:43 +00:00
Paul Elliott
21c8fe5c6e Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950
Fix GCM calculation with very long IV
2021-11-22 22:22:37 +01:00
Paul Elliott
0b7d5a88d9 Make changelog more specific
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-18 22:39:16 +00:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:11 +01:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-11 19:26:37 +00:00
Max Fillinger
7568d1a238 Add Changelog entry for additional getters
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 15:12:04 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
Gilles Peskine
c756b5f9fa
Merge pull request #5126 from haampie/fix/DT_NEEDED_for_shared_libraries
DT_NEEDED for shared builds in makefile
2021-11-05 12:04:29 +01:00
Harmen Stoppels
3e636161ec Add changelog
Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-05 09:32:05 +01:00
Gabor Mezei
77390dc8ec
Update changelog with the new public API
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-03 17:12:56 +01:00
Gilles Peskine
c323d4585f Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:51:20 +01:00
Mateusz Starzyk
5bc9bf7584 Add changelog entry for new PSA Crypto API macros.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0
Remove on-target testing
2021-10-29 09:33:34 +02:00
Gilles Peskine
d025422c28 Remove on-target testing
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 11:45:57 +02:00
Mateusz Starzyk
812ef6b379 Fix ccm*-no-tag changelog entry
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 11:26:47 +02:00
Gilles Peskine
66c9b84f93 Fix typo in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:20 +02:00
Gilles Peskine
680747b868 Fix the build of sample programs without mbedtls_strerror
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
66884e6dae Base64 range-based constant-flow code: changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
Mateusz Starzyk
61a8b2daf2 Add changelog entry for CCM*-no-tag.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-22 13:52:42 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
ed61c5e8b0 Add change-log file (issue #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-14 09:14:09 +02:00
openluopworld
151ccb2977 update changelog for #4884
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-13 00:23:30 +08:00
openluopworld
506752299b add changelog file for #4950
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-12 18:38:50 +08:00
Przemyslaw Stekiel
b576c7b779 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Paul Elliott
f76dcb2efc Add Changelog.d entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:21:40 +01:00
Przemyslaw Stekiel
770153e836 Add change-log entry
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:12:41 +02:00
Gilles Peskine
b9b817e977 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Mateusz Starzyk
c48f43b44d Fix PSA AEAD GCM's update output buffer length verification.
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:55 +02:00
Mateusz Starzyk
f28261fc14 Remove output buffer limitation for PSA with GCM.
The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of the GCM.

Alternative implementations are expected to verify the
length of the provided output buffers and to return
the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:54 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB
Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:10 +02:00
Przemyslaw Stekiel
73142dfb98 Add change-log: fix-mbedtls_cipher_crypt-aes-ecb.txt
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 13:14:20 +02:00
Ronald Cron
cd51e76583
Merge pull request #4338 from paul-elliott-arm/psa-m-aead
Implement multipart PSA AEAD
2021-09-29 22:48:33 +02:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
gabor-mezei-arm
6565ea0739
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 17:11:47 +02:00
Gilles Peskine
9a7d4c2734 New configuration option MBEDTLS_CHECK_RETURN_WARNING
MBEDTLS_CHECK_RETURN_TYPICAL defaults off, but is enabled if
MBEDTLS_CHECK_RETURN_WARNING is enabled at compile time.
(MBEDTLS_CHECK_RETURN_CRITICAL is always enabled.)

The default is off so that a plausible program that builds with one version
of Mbed TLS in the default configuration will still build under the next
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 19:15:56 +02:00
Gilles Peskine
ea59237370 Move changelog entry to the appropriate directory
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 19:15:56 +02:00
Gilles Peskine
aafb21f320
Merge pull request #4968 from davidhorstmann-arm/fix-aarch64-asm-constraints
Fix aarch64 assembly for bignum multiplication
2021-09-27 09:01:15 +02:00
David Horstmann
7500a0e1ea Combine changelog entries for muladdc assembly fix
Combine the changelog entries for the memory constraints fix on
aarch64 and amd64, since these are essentially fixing the same
issue.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-24 15:18:44 +01:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
joseph
6113af68c5 Fix test code to can be built on alpine
Signed-off-by: joseph <joseph@jc-lab.net>
2021-09-24 09:21:29 +09:00
David Horstmann
11c81df707 Fix aarch64 assembly for bignum multiplication
Add memory constraints to the aarch64 inline assembly in MULADDC_STOP.
This fixes an issue where Clang 12 and 13 were generating
non-functional code on aarch64 platforms. See #4962, #4943
for further details.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-22 18:31:35 +01:00
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked
Ccm chunked - enable multipart CCM in PSA
2021-09-21 13:46:52 +02:00
Gilles Peskine
5b1df10470 Update the list of issues fixed
This had actually been reported multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 17:07:21 +02:00
Gilles Peskine
d337fbc4cb x86_64 MULADDC assembly: add missing constraints about memory
MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.

Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 15:51:43 +02:00
Gilles Peskine
1716f32864 psa_cipher_update_ecb: remove parameter output_size
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.

Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 09:46:41 +02:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Mateusz Starzyk
3879c345ec Fix typo in the changelog for chunked CCM.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-23 10:56:06 +02:00
Gilles Peskine
7dd2f504b3 Allow configuring MBEDTLS_TLS_EXT_CID at compile time
The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-12 10:31:01 +02:00
Mateusz Starzyk
de7a83da0d Add changelog for chunked CCM implementation.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size
Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:18 +02:00
Dave Rodgman
677c6c4cac
Merge pull request #4801 from hanno-arm/ssl_session_exported_private
Explicitly mark fields as private via MBEDTLS_PRIVATE(...)
2021-07-30 14:39:07 +01:00
Manuel Pégourié-Gonnard
06672ef771
Merge pull request #4776 from gilles-peskine-arm/generate_psa_tests-robutness-202107
Fix bugs around generate_psa_tests.py invocation from tests/Makefile
2021-07-29 09:58:19 +02:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash
Replace reserved identifier clashes with suitable replacements
2021-07-22 16:20:56 +02:00
Hanno Becker
5d26efdea3 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:05 +01:00
Paul Elliott
64df5f88c5 Add Changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Archana
554e64e689
Add a changelog for Armmbed#4626
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-14 16:12:22 +05:30
Yuto Takano
ff58686e88 Add ChangeLog entry for reserved identifier replacments
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-14 10:25:57 +01:00
Gilles Peskine
8b427c851e Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:26:08 +02:00
Dave Rodgman
bb2eece7cf Create aggregated ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 23:09:51 +01:00
Dave Rodgman
b1d1c2af73 Fix filename on Changelog item
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 22:51:28 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
bd3bfbf5c2
Merge pull request #4737 from daverodgman/migration-guide 2021-06-30 21:31:53 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher
Implement one-shot cipher
2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:50:57 +01:00
Gilles Peskine
a481052407 Add migration guide and changelog entry for MBEDTLS_PRIVATE
We forgot those in #4511.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-30 11:06:40 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
gabor-mezei-arm
01e99083a5
Fix changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9ca3ad7329
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
52176f794a
Fix changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
6740c9de77
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
Dave Rodgman
4b60e0742b Improve Changelog wording
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:40:02 +01:00
Dave Rodgman
858894056d Improve changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 09:43:55 +01:00
Dave Rodgman
43fcb8d7c1 Address review feedback
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 08:57:19 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
1b2a8836c4 Correct documentation references to Mbed TLS
Use the correct formatting of the product name in the documentation.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:19 +01:00
Bence Szépkúti
60c863411c Remove references to MBEDTLS_USER_CONFIG_VERSION
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
36da4ccc51 Update changelog and migration guide
This reflect changes to the config version symbols.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
8d9132f43c Fix typo
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
90b79ab342 Add migration guide and changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
Add CMake package config file
2021-06-25 20:32:13 +01:00
Janos Follath
cdfd73aa7f Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 13:43:59 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
2021-06-23 15:22:03 +02:00
Janos Follath
aa5938edb3
Merge pull request #4703 from gilles-peskine-arm/mpi_montmul-null-3.0
Fix several bugs with the value 0 in bignum
2021-06-23 13:40:14 +01:00
Gilles Peskine
6687cd07f3 Refuse to destroy read-only keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
87bc91c13b Forbid creating a read-only key
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt
Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:38 +02:00
Paul Elliott
2007d70a5a Improve changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:59:14 +01:00
Manuel Pégourié-Gonnard
92f387777d Merge branch 'development' into development-restricted
* development: (66 commits)
  Document the return type change in the migration guide
  Fix return type of example key export callbacks
  Add change log
  psa: mac: Add driver dispatch tests for psa_mac_verify
  psa: mac: Add driver delegation support for psa_mac_verify()
  psa: mac: Introduce psa_mac_compute_internal
  psa: mac: Add driver dispatch tests for psa_mac_compute
  psa: mac: Improve MAC finalization code
  psa: mac: Add driver delegation support for psa_mac_compute()
  psa: mac: Add MAC compute builtin implementation
  psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()
  psa: mac: Split psa_mac_setup()
  psa: mac: Re-organize psa_mac_setup() internal function
  Move export callback and context to the end of SSL context
  Improve ChangeLog wording for key export
  Remove return value from key export callback
  Make key export callback and context connection-specific
  Remove all occurrences of TLS < 1.2 PRF identifier
  Remote key export identifier used for TLS < 1.2.
  Add missing documentation for key export callback parameters
  ...
2021-06-23 09:04:42 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3 PK signature function: require exact hash length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:41 +02:00
Gilles Peskine
34bfa15b21 Changelog entry for the mbedtls_mpi_read_xxx changes
mbedtls_mpi_read_binary{,_le} (in https://github.com/ARMmbed/mbedtls/pull/4276)
and mbedtls_mpi_read_string (in https://github.com/ARMmbed/mbedtls/pull/4644)
changed their behavior on an empty input from constructing an MPI object with
one limb to not allocating a limb. In principle, this change should be
transparent to applications, however it caused a bug in the library and it does
affect the value when writing back out, so list the change in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
27253bc885 mbedtls_mpi_gcd: fix the case B==0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
3008dde386 Changelog for the fix to mbedtls_mpi_exp_mod(A=0)
In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for
parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi
object with at least one limb.

In the development branch, after the commit
"New internal function mbedtls_mpi_resize_clear", this bug could be
triggered by a TLS server, by passing invalid custom Diffie-Hellman
parameters with G=0 transmitted as a 0-length byte string.

Since the behavior change in mbedtls_mpi_read_binary and
mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed
empty input) turned out to have consequences despite being in principle an
internal detail, mention it in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Manuel Pégourié-Gonnard
e7885e5441 RSA: Require hashlen to match md_alg when applicable
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-22 12:29:27 +02:00
Gilles Peskine
36ff66c4b4
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
Implement one-shot MAC
2021-06-22 12:18:25 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0
Update the default hash and curve selection for X.509 and TLS
2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
8aed60bdfb Merge branch 'development' into development-restricted
* development:
  Reword changelog - Test Resource Leak
  Fix improper spacing
  Update changelog formatting - Missing Free Context
  Update changlog formatting - Missing Free Context
  Update changelog formatting - Missing Free Context
  Changelog entry for Free Context in test_suite_aes fix
  Free context in at the end of aes_crypt_xts_size()
2021-06-22 10:36:06 +02:00
Dave Rodgman
8f2b66a39a
Merge pull request #4676 from JoeSubbiani/MissingContextFree-test_suite_aes.function
Add missing free context in at the end of aes_crypt_xts_size()
2021-06-22 09:24:08 +01:00
Manuel Pégourié-Gonnard
21efe44af3 Merge branch 'development' into development-restricted
* development: (236 commits)
  Changing the key length to 32 bytes in one of the PSA cipher setup tests
  Removal of RC4 certs and fixes to docs and tests
  Fix fd range for select on Windows
  Refactor file descriptor checks into a common function
  Removing global variable and moving variant function comment block
  Fix typo in doc'n of session resumption API
  Code review fixes
  Fix warning in some configurations
  Fix cmake build of fuzz_privkey
  Fix async support in ssl_server2
  Improve ChangeLog and migration guide entries
  Use a proper DRBG in programs
  Use the dedicated dummy_random in fuzzing programs
  Fix cmake build of programs
  Add ChangeLog and migration guide entries
  Simplify internal code
  Remove "internal RNG" code from ECP
  Remove config option MBEDTLS_ECP_NO_INTERNAL_RNG
  Add RNG params to private key parsing
  Add RNG parameter to check_pair functions
  ...
2021-06-22 10:20:48 +02:00
Manuel Pégourié-Gonnard
da1eab3c3f
Merge pull request #828 from mpg/rsa-lookup-restricted
Use constant-time look-up in modular exponentiation
2021-06-22 09:33:20 +02:00
Manuel Pégourié-Gonnard
ffafae4f51
Merge pull request #4687 from gilles-peskine-arm/winsock-fd-range-3.0
Fix net_sockets regression on Windows
2021-06-22 09:29:23 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Joe Subbiani
08b5ab2b81 Reword changelog - Test Resource Leak
- “Fix an issue where X happens” → ”Fix X“
  the extra words are just a distraction.
- “resource” → “a resource”
- “where resource is never freed” has a name: it's a resource leak
- “when running one particular test suite” → “in a test suite”

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-21 16:50:51 +01:00
Janos Follath
3dd3ff0096 Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-21 10:39:36 +01:00
Ronald Cron
4d91bcd413 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:58:10 +02:00
Gilles Peskine
a5dd7bded8 Fix fd range for select on Windows
Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
MBEDTLS_ERR_NET_POLL_FAILED on Windows: they were testing that the file
descriptor is in range for fd_set, but on Windows socket descriptors are not
limited to a small range. Fixes #4465.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-20 23:14:36 +02:00
Joe Subbiani
e6ef5febfb Update changelog formatting - Missing Free Context
Missing trailing full stop added to the end of the fixed issue number

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 18:54:08 +01:00
Hanno Becker
1e1c23d768 Improve ChangeLog wording for key export
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
5a234e8718 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Joe Subbiani
dc5660c4c0 Update changlog formatting - Missing Free Context
Trailing white space causing `check_files.py` to fail

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 17:40:54 +01:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
Joe Subbiani
487b4ae426 Update changelog formatting - Missing Free Context
The original formatting was in dos and the changelog
assembler would fail. The length of the description was
too long horizontally. This has been updated.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 15:37:21 +01:00
Joe Subbiani
26e8608fcb Changelog entry for Free Context in test_suite_aes fix
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 12:01:54 +01:00
Thomas Daubney
379227cc59 Modifies ChangeLog and Migration Guide
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 10:46:12 +01:00
Thomas Daubney
a42bf29b2c Modifies ChangeLog entry
Corrects wording in ChangeLog entry as
requested in review.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-18 09:13:53 +01:00
Gilles Peskine
b26696bafb Simplify mbedtls_debug_print_mpi and fix the case of empty bignums
Rewrite mbedtls_debug_print_mpi to be simpler and smaller. Leverage
mbedtls_mpi_bitlen() instead of manually looking for the leading
zeros.

Fix #4608: the old code made an invalid memory dereference when
X->n==0 (freshly initialized bignum with the value 0).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
b1940a76ad In TLS, order curves by resource usage, not size
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
5752e599b3 Reduce the default ECP window size
MBEDTLS_ECP_WINDOW_SIZE is a compromise between memory usage (growing based
on the value) and performance (faster with larger values). There are
disminishing returns as the value grows larger. Based on Manuel's benchmarks
recorded in https://github.com/ARMmbed/mbedtls/issues/4127, 4 is a good
compromise point, with larger values bringing little advantage. So reduce
the default from 6 to 4.

Document the default value as in optimized for performance mostly, but don't
document the specific value, so we may change it later or make it
platform-dependent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
3758fd6b79 Changelog entry and migration guide for hash and curve profile upgrades
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:14 +02:00
Gilles Peskine
e96c5854d0 Move the inclusion of crypto_spe.h to psa/crypto_platform.h
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:43:58 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
Manuel Pégourié-Gonnard
8707259318 Improve ChangeLog and migration guide entries
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard
e6e51aab55 Add ChangeLog and migration guide entries
Merge part of the RSA entries into this one, as I think it's easier for
users to have all similar changes in one place regardless of whether
they were introduce in the same PR or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
22ecf49e9a Adds ChangeLog entry
Commit adds ChangeLog entry for removal of
MBEDTLS_SSL_TRUNCATED_HMAC.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:26:59 +01:00
Mateusz Starzyk
c1ec0b8959 Add changelog entry for chunked associated data in GCM.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-16 14:34:09 +02:00
TRodziewicz
15a7b73708 Documentation rewording
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 11:22:53 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:45 +02:00
TRodziewicz
7ff652ae53 Addition of ChangeLog and migration guide entry files.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:39 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd
Rename the _ret() functions
2021-06-15 20:32:07 +02:00
TRodziewicz
9c90226df1 Addition of the migration guide and change log files
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard
8cad2e22fc
Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0
Lighten and test constraints on context types in alternative implementations
2021-06-15 12:12:46 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 00:18:32 +02:00
Gilles Peskine
f35c42bdb9 Document the remaining constraints on ALT context types
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
cd07e22048 New function mbedtls_ecjpake_set_point_format
Use this instead of accessing the field directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
71acc6e8d9 New function mbedtls_dhm_get_value to copy a field of a DHM context
Reduce the need to break the DHM abstraction by accessing the context directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
487bbf6805 DHM: new functions to query the length of the modulus
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
a1b44dd808 Changelog entry for MBEDTLS_ECP_MAX_BITS automatic determination
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
TRodziewicz
3946f79cab Correction according to code review (function and param. names change
and docs rewording)

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 13:46:21 +02:00
TRodziewicz
8476f2f30a Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config option to a runtime option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 11:56:20 +02:00
TRodziewicz
1fcd72e93c change log and migr. guide fixes and _DEPRECATED_REMOVED removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-14 11:16:06 +02:00
Gilles Peskine
b1edaec18f Fix missing state check for tls12_prf output
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:41:46 +02:00
Ronald Cron
57864faf84
Merge pull request #4634 from Patater/mbed-can-do-timing
config: Allow Mbed to implement TIMING_C
2021-06-11 09:14:13 +02:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
2021-06-10 17:43:36 +02:00
Manuel Pégourié-Gonnard
8323244ca3 Add ChangeLog entry about RSA side channel.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-10 13:30:07 +02:00
Jaeden Amero
197496af69 config: Allow Mbed to implement TIMING_C
Mbed OS now provides POSIX-like time functions, although not alarm() nor
signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so
we should not artificially prevent this in check-config. Remove the the
check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS.

Note that this limitation originally was added in the following commit,
although there isn't much context around why the restriction was
imposed: 63e7ebaaa1 ("Add material for generating yotta module"). In
2015, Mbed OS was quite a different thing: no RTOS, no threads, just an
asynchronous event loop model. I'd suppose the asynchronous event loop
model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS,
but that is no longer the case.

Fixes #4633

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-06-09 13:47:27 +01:00
TRodziewicz
b8367380b1 Addition of the migration guide
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:31:42 +02:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:28:16 +02:00
TRodziewicz
1e66642d68 Addition of change log and migration guide files.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 11:25:28 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version
Document minimum tool versions for 3.0
2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option
Remove MBEDTLS_CHECK_PARAMS option
2021-06-08 09:30:48 +02:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev
Fix misuse of MD API in SSL constant-flow HMAC
2021-06-07 20:53:33 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 11:13:34 +02:00
Dave Rodgman
f21e4621f8 Changelog entry for updated tool versions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-07 09:18:50 +01:00