mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-08 13:27:19 +02:00

Author	SHA1	Message	Date
David Horstmann	5d094d35ad	Add ChangeLog entry for code style script Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-12-06 17:02:35 +00:00
Gilles Peskine	01bf631159	Fix NULL+0 undefined behavior in ECB encryption and decryption psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to a null pointer when the cipher does not use an IV. This is undefined behavior, although it works as naively expected on most platforms. This can cause a crash with modern Clang+ASan (depending on compiler optimizations). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-23 17:23:44 +01:00
Gilles Peskine	b358e46c8e	Merge pull request #6618 from gilles-peskine-arm/mpi_sint-min-ub-2.28 Backport 2.28: Fix undefined behavior in bignum: NULL+0 and -most-negative-sint	2022-11-21 19:52:03 +01:00
Gilles Peskine	de1629aff9	Fix undefined behavior with the most negative mbedtls_mpi_sint When x is the most negative value of a two's complement type, `(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x` has well-defined behavior and does what was intended. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-17 11:03:46 +01:00
Gilles Peskine	103cf59e46	Fix NULL+0 in addition 0 + 0 Fix undefined behavior (typically harmless in practice) of mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when both operands are 0 and the left operand is represented with 0 limbs. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-17 11:03:46 +01:00
Janos Follath	e530b5b4c4	Merge pull request #6579 from gilles-peskine-arm/negative-zero-from-add-2.28 Backport 2.28: Fix negative zero from bignum add/subtract	2022-11-16 14:06:04 +00:00
Aditya Deshpande	f22f73ef4e	Fix issue in dh_genprime.c where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-10 15:33:11 +00:00
Gilles Peskine	195e1c8107	Changelog entry for the negative zero from add/sub Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-10 15:15:25 +01:00
Gilles Peskine	cb492102bf	Merge pull request #6380 from Kabbah/backport2.28-x509-info-hwmodulename-hex [Backport 2.28] `x509_info_subject_alt_name`: Render HardwareModuleName as hex	2022-11-08 17:11:09 +01:00
Dave Rodgman	febe14e6e0	Add Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-01 16:28:20 +00:00
Dave Rodgman	0bbe75838e	Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28 Improve ECDSA verify validation - 2.28 backport	2022-10-31 09:37:38 +00:00
Dave Rodgman	23b79b6c9c	Credit Cryptofuzz in the changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-27 20:36:47 +01:00
Dave Rodgman	a66e7edf09	Improve changelog for ECDSA verify fix Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-27 20:34:59 +01:00
Ronald Cron	2e0a11556e	Merge pull request #6483 from gilles-peskine-arm/psa-pkparse-pkwrite-2.28 Backport 2.28: PSA with RSA requires PK_WRITE and PK_PARSE	2022-10-26 14:57:41 +02:00
Ronald Cron	c527796ecb	Merge pull request #6392 from davidhorstmann-arm/2.28-fix-x509-get-name-cleanup [Backport 2.28] Fix `mbedtls_x509_get_name()` cleanup	2022-10-26 14:28:04 +02:00
Gilles Peskine	8fb928f642	Fix PSA+RSA dependencies on PK The PSA code needs pk_parse as well as pk_write for RSA keys. Fix #6409. This is independent of PKCS#1v1.5 support. Fix #6408. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-25 20:32:02 +02:00
Manuel Pégourié-Gonnard	3495ca309b	Merge pull request #6415 from mprse/aead_driver_test_2_28_backport 2.28 backport: Enable testing of AEAD drivers with libtestdriver1	2022-10-14 11:11:06 +02:00
Gilles Peskine	279188f3f3	Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28 Backport 2.28: Include platform.h unconditionally	2022-10-13 10:19:25 +02:00
Przemek Stekiel	65caa16973	Add changelog entry Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-13 08:06:47 +02:00
Przemek Stekiel	1834a2e985	Reword change log entry Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 14:03:16 +02:00
Gilles Peskine	0b7229d8c4	Include platform.h unconditionally: fixes undefined mbedtls_setbuf Now that mbedtls/platform.h is included unconditionally, there are no more configurations where mbedtls_setbuf was accidentally left out of the manual definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-07 15:52:58 +02:00
Przemek Stekiel	0a48eaebc6	Add changelog entry: tls 1.2 builds with single encryption type Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-06 12:18:27 +02:00
David Horstmann	854be05949	Add ChangeLog entry for memory leak fix Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-05 12:59:37 +01:00
Victor Barpp Gomes	78d343ec5c	Add Changelog entry Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-30 09:32:27 -03:00
Dave Rodgman	78508c496c	Changelog for ECDSA verify fix Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-09-23 10:42:33 +01:00
savent	a37f5c1da3	cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) IAR toolchain makes some warning, forcing 'warning as error' is not for sure. Signed-off-by: savent <savent_gate@outlook.com>	2022-08-09 10:54:13 +01:00
Gilles Peskine	f222b8e041	Merge pull request #6161 from daverodgman/backport-cert-symlink Backport 2.28: x509_crt: handle properly broken links when looking for certificates	2022-08-03 13:05:31 +02:00
Gilles Peskine	ddc3845782	Merge pull request #6168 from mman/mbedtls-2.28 Use double quotes to include private header file psa_crypto_cipher.h	2022-08-03 13:05:00 +02:00
Martin Man	43dedd8afe	Use double quotes to include private header file psa_crypto_cipher.h Signed-off-by: Martin Man <mman@martinman.net> Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>	2022-08-02 13:36:18 +02:00
Dave Rodgman	626b37859c	Add Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-29 14:27:52 +01:00
Dave Rodgman	7d4a8da1b7	Add Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-29 11:34:26 +01:00
Tom Cosgrove	accd50d4cd	Add a ChangeLog entry Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-19 09:02:47 +01:00
Dave Rodgman	6743ec492e	Assemble Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-11 10:43:37 +01:00
Dave Rodgman	b51e0c7e56	Add correct .txt extension to Changelog entry Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-11 10:43:32 +01:00
Dave Rodgman	df275c4227	Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr	2022-07-11 10:42:55 +01:00
Andrzej Kurek	135afdca1e	Changelog rewording Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 06:48:48 -04:00
Andrzej Kurek	33b731f637	Improve changelog wording Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 06:43:18 -04:00
Andrzej Kurek	78c63511ae	Add a changelog entry for the session resumption + CID bug Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 06:43:09 -04:00
Paul Elliott	06986de4ea	Merge pull request #6066 from AndrzejKurek/fix-some-resource-leaks-2-28 Fix `mbedtls_pk_parse_public_key` resource leaks	2022-07-05 23:12:11 +01:00
Andrzej Kurek	cd5e671b5a	Add a changelog entry for pkparse bugs Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-05 10:32:38 -04:00
Ronald Cron	0ae1c1c49c	Merge pull request #5991 from gilles-peskine-arm/asn1write-0-fix-2.28 Backport 2.28: Improve ASN.1 write tests	2022-06-30 15:42:31 +02:00
Paul Elliott	24ed2caaff	Fix the wrong variable being used for TLS record size checks Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-06-30 12:37:15 +01:00
Dave Rodgman	eee5c8ac23	Merge pull request #5982 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-2.28 Backport 2.28: Remove largely useless bit of test log to silence GCC 12	2022-06-29 15:25:00 +01:00
Gilles Peskine	bb34feea0d	Fix bug whereby 0 was written as 0200 rather than 020100 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-29 11:04:48 +02:00
Gilles Peskine	06c5e929ba	Merge pull request #5863 from wernerlewis/csr_subject_comma_2.28 [Backport 2.28] Fix output of commas and other special characters in X509 DN values	2022-06-28 21:00:47 +02:00
Gilles Peskine	83f54aad6a	Changelog: minor copyediting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-28 00:05:58 +02:00
Gilles Peskine	cd1608914f	Changelog: clarify a cmake-related entry as being about cmake Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-28 00:05:50 +02:00
Gilles Peskine	8960d0585b	Changelog: mention bug id in bugfix entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-28 00:05:50 +02:00
Gilles Peskine	06900034cb	Changelog: remove bugfix entry that's actually a robustness improvement If the key agreement or the public key export in ssl_write_client_key_exchange() fails, the handshake enters a failed state. The only valid thing you can do in a failed handshake is to abort it, which calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While it's good hygiene to destroy the key in the function that creates it, it would have been cleaned up a little later in the normal course of things anyway, so there wasn't an actual bug. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-28 00:05:49 +02:00
Gilles Peskine	dc7e34ca2e	Clarify potential ambiguity in changelog entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-27 14:48:44 +02:00

1 2 3 4 5 ...

545 Commits