TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-07 21:07:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,081 Commits 179 Branches 280 Tags
2478b3499f1e33b53e72ed2995604e78e7e80b21
Commit Graph

537 Commits

Author SHA1 Message Date
Gilles Peskine
cb492102bf Merge pull request #6380 from Kabbah/backport2.28-x509-info-hwmodulename-hex 
[Backport 2.28] `x509_info_subject_alt_name`: Render HardwareModuleName as hex
 2022-11-08 17:11:09 +01:00
Dave Rodgman
febe14e6e0 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:28:20 +00:00
Dave Rodgman
0bbe75838e Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28 
Improve ECDSA verify validation - 2.28 backport
 2022-10-31 09:37:38 +00:00
Dave Rodgman
23b79b6c9c Credit Cryptofuzz in the changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:36:47 +01:00
Dave Rodgman
a66e7edf09 Improve changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:59 +01:00
Ronald Cron
2e0a11556e Merge pull request #6483 from gilles-peskine-arm/psa-pkparse-pkwrite-2.28 
Backport 2.28: PSA with RSA requires PK_WRITE and PK_PARSE
 2022-10-26 14:57:41 +02:00
Ronald Cron
c527796ecb Merge pull request #6392 from davidhorstmann-arm/2.28-fix-x509-get-name-cleanup 
[Backport 2.28] Fix `mbedtls_x509_get_name()` cleanup
 2022-10-26 14:28:04 +02:00
Gilles Peskine
8fb928f642 Fix PSA+RSA dependencies on PK 
The PSA code needs pk_parse as well as pk_write for RSA keys. Fix #6409.
This is independent of PKCS#1v1.5 support. Fix #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 20:32:02 +02:00
Manuel Pégourié-Gonnard
3495ca309b Merge pull request #6415 from mprse/aead_driver_test_2_28_backport 
2.28 backport: Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:06 +02:00
Gilles Peskine
279188f3f3 Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28 
Backport 2.28: Include platform.h unconditionally
 2022-10-13 10:19:25 +02:00
Przemek Stekiel
65caa16973 Add changelog entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-13 08:06:47 +02:00
Przemek Stekiel
1834a2e985 Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 14:03:16 +02:00
Gilles Peskine
0b7229d8c4 Include platform.h unconditionally: fixes undefined mbedtls_setbuf 
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-07 15:52:58 +02:00
Przemek Stekiel
0a48eaebc6 Add changelog entry: tls 1.2 builds with single encryption type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 12:18:27 +02:00
David Horstmann
854be05949 Add ChangeLog entry for memory leak fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-05 12:59:37 +01:00
Victor Barpp Gomes
78d343ec5c Add Changelog entry 
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
 2022-09-30 09:32:27 -03:00
Dave Rodgman
78508c496c Changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-23 10:42:33 +01:00
savent
a37f5c1da3 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) 
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
 2022-08-09 10:54:13 +01:00
Gilles Peskine
f222b8e041 Merge pull request #6161 from daverodgman/backport-cert-symlink 
Backport 2.28: x509_crt: handle properly broken links when looking for certificates
 2022-08-03 13:05:31 +02:00
Gilles Peskine
ddc3845782 Merge pull request #6168 from mman/mbedtls-2.28 
Use double quotes to include private header file psa_crypto_cipher.h
 2022-08-03 13:05:00 +02:00
Martin Man
43dedd8afe Use double quotes to include private header file psa_crypto_cipher.h 
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
 2022-08-02 13:36:18 +02:00
Dave Rodgman
626b37859c Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 14:27:52 +01:00
Dave Rodgman
7d4a8da1b7 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 11:34:26 +01:00
Tom Cosgrove
accd50d4cd Add a ChangeLog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-19 09:02:47 +01:00
Dave Rodgman
6743ec492e Assemble Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:37 +01:00
Dave Rodgman
b51e0c7e56 Add correct .txt extension to Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:32 +01:00
Dave Rodgman
df275c4227 Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr 2022-07-11 10:42:55 +01:00
Andrzej Kurek
135afdca1e Changelog rewording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:48:48 -04:00
Andrzej Kurek
33b731f637 Improve changelog wording 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:18 -04:00
Andrzej Kurek
78c63511ae Add a changelog entry for the session resumption + CID bug 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:09 -04:00
Paul Elliott
06986de4ea Merge pull request #6066 from AndrzejKurek/fix-some-resource-leaks-2-28 
Fix `mbedtls_pk_parse_public_key` resource leaks
 2022-07-05 23:12:11 +01:00
Andrzej Kurek
cd5e671b5a Add a changelog entry for pkparse bugs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-05 10:32:38 -04:00
Ronald Cron
0ae1c1c49c Merge pull request #5991 from gilles-peskine-arm/asn1write-0-fix-2.28 
Backport 2.28: Improve ASN.1 write tests
 2022-06-30 15:42:31 +02:00
Paul Elliott
24ed2caaff Fix the wrong variable being used for TLS record size checks 
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-06-30 12:37:15 +01:00
Dave Rodgman
eee5c8ac23 Merge pull request #5982 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-2.28 
Backport 2.28: Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:00 +01:00
Gilles Peskine
bb34feea0d Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
06c5e929ba Merge pull request #5863 from wernerlewis/csr_subject_comma_2.28 
[Backport 2.28] Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:47 +02:00
Gilles Peskine
83f54aad6a Changelog: minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:58 +02:00
Gilles Peskine
cd1608914f Changelog: clarify a cmake-related entry as being about cmake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
8960d0585b Changelog: mention bug id in bugfix entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
06900034cb Changelog: remove bugfix entry that's actually a robustness improvement 
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:49 +02:00
Gilles Peskine
dc7e34ca2e Clarify potential ambiguity in changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Gilles Peskine
c9529f9649 Fix null pointer dereference in mpi_mod_int(0, 2) 
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Dave Rodgman
4118092105 Merge pull request #5825 from polhenarejos/mbedtls-2.28 
Backport 2.28: Fix for order value for curve448
 2022-06-27 13:47:31 +01:00
Gilles Peskine
52396ef622 Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:30:48 +02:00
Werner Lewis
2ee1e2dd22 Replace parsing with outputting 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 10:03:10 +01:00
Manuel Pégourié-Gonnard
8641102bc1 Fix impact evaluation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
37e5999ac3 Fix potential buffer overread with USE_PSA 
Using opaque keys for static ECDH is not supported in this branch (will
be introduced in 3.2). In case we reach that point, error out cleanly
instead of miscasting a pointer. Since opaque keys were introduced,
mbedtls_pk_can_do() was no longer a precise enough check.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Andrzej Kurek
6b4f062cde Fix incorrect changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:37:36 -04:00
Andrzej Kurek
a39170bbed Add a changelog entry for the cookie parsing bounds bug 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:36:50 -04:00