TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-01 18:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,072 Commits 181 Branches 280 Tags
91c0286917ffbfed6499936a179f6c7f35cbb430
Commit Graph

535 Commits

Author SHA1 Message Date
Dave Rodgman
febe14e6e0 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:28:20 +00:00
Dave Rodgman
0bbe75838e Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28 
Improve ECDSA verify validation - 2.28 backport
 2022-10-31 09:37:38 +00:00
Dave Rodgman
23b79b6c9c Credit Cryptofuzz in the changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:36:47 +01:00
Dave Rodgman
a66e7edf09 Improve changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:59 +01:00
Ronald Cron
2e0a11556e Merge pull request #6483 from gilles-peskine-arm/psa-pkparse-pkwrite-2.28 
Backport 2.28: PSA with RSA requires PK_WRITE and PK_PARSE
 2022-10-26 14:57:41 +02:00
Ronald Cron
c527796ecb Merge pull request #6392 from davidhorstmann-arm/2.28-fix-x509-get-name-cleanup 
[Backport 2.28] Fix `mbedtls_x509_get_name()` cleanup
 2022-10-26 14:28:04 +02:00
Gilles Peskine
8fb928f642 Fix PSA+RSA dependencies on PK 
The PSA code needs pk_parse as well as pk_write for RSA keys. Fix #6409.
This is independent of PKCS#1v1.5 support. Fix #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 20:32:02 +02:00
Manuel Pégourié-Gonnard
3495ca309b Merge pull request #6415 from mprse/aead_driver_test_2_28_backport 
2.28 backport: Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:06 +02:00
Gilles Peskine
279188f3f3 Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28 
Backport 2.28: Include platform.h unconditionally
 2022-10-13 10:19:25 +02:00
Przemek Stekiel
65caa16973 Add changelog entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-13 08:06:47 +02:00
Przemek Stekiel
1834a2e985 Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 14:03:16 +02:00
Gilles Peskine
0b7229d8c4 Include platform.h unconditionally: fixes undefined mbedtls_setbuf 
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-07 15:52:58 +02:00
Przemek Stekiel
0a48eaebc6 Add changelog entry: tls 1.2 builds with single encryption type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 12:18:27 +02:00
David Horstmann
854be05949 Add ChangeLog entry for memory leak fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-05 12:59:37 +01:00
Dave Rodgman
78508c496c Changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-23 10:42:33 +01:00
savent
a37f5c1da3 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) 
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
 2022-08-09 10:54:13 +01:00
Gilles Peskine
f222b8e041 Merge pull request #6161 from daverodgman/backport-cert-symlink 
Backport 2.28: x509_crt: handle properly broken links when looking for certificates
 2022-08-03 13:05:31 +02:00
Gilles Peskine
ddc3845782 Merge pull request #6168 from mman/mbedtls-2.28 
Use double quotes to include private header file psa_crypto_cipher.h
 2022-08-03 13:05:00 +02:00
Martin Man
43dedd8afe Use double quotes to include private header file psa_crypto_cipher.h 
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
 2022-08-02 13:36:18 +02:00
Dave Rodgman
626b37859c Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 14:27:52 +01:00
Dave Rodgman
7d4a8da1b7 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 11:34:26 +01:00
Tom Cosgrove
accd50d4cd Add a ChangeLog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-19 09:02:47 +01:00
Dave Rodgman
6743ec492e Assemble Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:37 +01:00
Dave Rodgman
b51e0c7e56 Add correct .txt extension to Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:32 +01:00
Dave Rodgman
df275c4227 Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr 2022-07-11 10:42:55 +01:00
Andrzej Kurek
135afdca1e Changelog rewording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:48:48 -04:00
Andrzej Kurek
33b731f637 Improve changelog wording 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:18 -04:00
Andrzej Kurek
78c63511ae Add a changelog entry for the session resumption + CID bug 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:09 -04:00
Paul Elliott
06986de4ea Merge pull request #6066 from AndrzejKurek/fix-some-resource-leaks-2-28 
Fix `mbedtls_pk_parse_public_key` resource leaks
 2022-07-05 23:12:11 +01:00
Andrzej Kurek
cd5e671b5a Add a changelog entry for pkparse bugs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-05 10:32:38 -04:00
Ronald Cron
0ae1c1c49c Merge pull request #5991 from gilles-peskine-arm/asn1write-0-fix-2.28 
Backport 2.28: Improve ASN.1 write tests
 2022-06-30 15:42:31 +02:00
Paul Elliott
24ed2caaff Fix the wrong variable being used for TLS record size checks 
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-06-30 12:37:15 +01:00
Dave Rodgman
eee5c8ac23 Merge pull request #5982 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-2.28 
Backport 2.28: Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:00 +01:00
Gilles Peskine
bb34feea0d Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
06c5e929ba Merge pull request #5863 from wernerlewis/csr_subject_comma_2.28 
[Backport 2.28] Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:47 +02:00
Gilles Peskine
83f54aad6a Changelog: minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:58 +02:00
Gilles Peskine
cd1608914f Changelog: clarify a cmake-related entry as being about cmake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
8960d0585b Changelog: mention bug id in bugfix entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
06900034cb Changelog: remove bugfix entry that's actually a robustness improvement 
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:49 +02:00
Gilles Peskine
dc7e34ca2e Clarify potential ambiguity in changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Gilles Peskine
c9529f9649 Fix null pointer dereference in mpi_mod_int(0, 2) 
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Dave Rodgman
4118092105 Merge pull request #5825 from polhenarejos/mbedtls-2.28 
Backport 2.28: Fix for order value for curve448
 2022-06-27 13:47:31 +01:00
Gilles Peskine
52396ef622 Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:30:48 +02:00
Werner Lewis
2ee1e2dd22 Replace parsing with outputting 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 10:03:10 +01:00
Manuel Pégourié-Gonnard
8641102bc1 Fix impact evaluation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
37e5999ac3 Fix potential buffer overread with USE_PSA 
Using opaque keys for static ECDH is not supported in this branch (will
be introduced in 3.2). In case we reach that point, error out cleanly
instead of miscasting a pointer. Since opaque keys were introduced,
mbedtls_pk_can_do() was no longer a precise enough check.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Andrzej Kurek
6b4f062cde Fix incorrect changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:37:36 -04:00
Andrzej Kurek
a39170bbed Add a changelog entry for the cookie parsing bounds bug 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:36:50 -04:00
Werner Lewis
02c9d3b9c2 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-08 14:38:38 +01:00
Dave Rodgman
ce02537b0c Merge pull request #5828 from wernerlewis/time_utc_2.28 
[Backport 2.28] Use ASN1 UTC tags for dates before 2000
 2022-06-08 13:55:38 +01:00