TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-25 05:31:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,954 Commits 177 Branches 276 Tags
a129babb83279f8d2f56624238e2c70ddea46bb9
Commit Graph

522 Commits

Author SHA1 Message Date
Przemek Stekiel
1834a2e985 Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 14:03:16 +02:00
Przemek Stekiel
0a48eaebc6 Add changelog entry: tls 1.2 builds with single encryption type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 12:18:27 +02:00
savent
a37f5c1da3 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) 
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
 2022-08-09 10:54:13 +01:00
Gilles Peskine
f222b8e041 Merge pull request #6161 from daverodgman/backport-cert-symlink 
Backport 2.28: x509_crt: handle properly broken links when looking for certificates
 2022-08-03 13:05:31 +02:00
Gilles Peskine
ddc3845782 Merge pull request #6168 from mman/mbedtls-2.28 
Use double quotes to include private header file psa_crypto_cipher.h
 2022-08-03 13:05:00 +02:00
Martin Man
43dedd8afe Use double quotes to include private header file psa_crypto_cipher.h 
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
 2022-08-02 13:36:18 +02:00
Dave Rodgman
626b37859c Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 14:27:52 +01:00
Dave Rodgman
7d4a8da1b7 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 11:34:26 +01:00
Tom Cosgrove
accd50d4cd Add a ChangeLog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-19 09:02:47 +01:00
Dave Rodgman
6743ec492e Assemble Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:37 +01:00
Dave Rodgman
b51e0c7e56 Add correct .txt extension to Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:32 +01:00
Dave Rodgman
df275c4227 Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr 2022-07-11 10:42:55 +01:00
Andrzej Kurek
135afdca1e Changelog rewording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:48:48 -04:00
Andrzej Kurek
33b731f637 Improve changelog wording 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:18 -04:00
Andrzej Kurek
78c63511ae Add a changelog entry for the session resumption + CID bug 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:09 -04:00
Paul Elliott
06986de4ea Merge pull request #6066 from AndrzejKurek/fix-some-resource-leaks-2-28 
Fix `mbedtls_pk_parse_public_key` resource leaks
 2022-07-05 23:12:11 +01:00
Andrzej Kurek
cd5e671b5a Add a changelog entry for pkparse bugs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-05 10:32:38 -04:00
Ronald Cron
0ae1c1c49c Merge pull request #5991 from gilles-peskine-arm/asn1write-0-fix-2.28 
Backport 2.28: Improve ASN.1 write tests
 2022-06-30 15:42:31 +02:00
Paul Elliott
24ed2caaff Fix the wrong variable being used for TLS record size checks 
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-06-30 12:37:15 +01:00
Dave Rodgman
eee5c8ac23 Merge pull request #5982 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-2.28 
Backport 2.28: Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:00 +01:00
Gilles Peskine
bb34feea0d Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
06c5e929ba Merge pull request #5863 from wernerlewis/csr_subject_comma_2.28 
[Backport 2.28] Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:47 +02:00
Gilles Peskine
83f54aad6a Changelog: minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:58 +02:00
Gilles Peskine
cd1608914f Changelog: clarify a cmake-related entry as being about cmake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
8960d0585b Changelog: mention bug id in bugfix entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
06900034cb Changelog: remove bugfix entry that's actually a robustness improvement 
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:49 +02:00
Gilles Peskine
dc7e34ca2e Clarify potential ambiguity in changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Gilles Peskine
c9529f9649 Fix null pointer dereference in mpi_mod_int(0, 2) 
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Dave Rodgman
4118092105 Merge pull request #5825 from polhenarejos/mbedtls-2.28 
Backport 2.28: Fix for order value for curve448
 2022-06-27 13:47:31 +01:00
Gilles Peskine
52396ef622 Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:30:48 +02:00
Werner Lewis
2ee1e2dd22 Replace parsing with outputting 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 10:03:10 +01:00
Manuel Pégourié-Gonnard
8641102bc1 Fix impact evaluation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
37e5999ac3 Fix potential buffer overread with USE_PSA 
Using opaque keys for static ECDH is not supported in this branch (will
be introduced in 3.2). In case we reach that point, error out cleanly
instead of miscasting a pointer. Since opaque keys were introduced,
mbedtls_pk_can_do() was no longer a precise enough check.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Andrzej Kurek
6b4f062cde Fix incorrect changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:37:36 -04:00
Andrzej Kurek
a39170bbed Add a changelog entry for the cookie parsing bounds bug 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:36:50 -04:00
Werner Lewis
02c9d3b9c2 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-08 14:38:38 +01:00
Dave Rodgman
ce02537b0c Merge pull request #5828 from wernerlewis/time_utc_2.28 
[Backport 2.28] Use ASN1 UTC tags for dates before 2000
 2022-06-08 13:55:38 +01:00
Werner Lewis
1b54a05f77 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:28:10 +01:00
Gilles Peskine
adf225dfd6 Merge pull request #5848 from tom-daubney-arm/2-28_x25519_program 
[2.28] Rewrite x25519 example program
 2022-05-31 11:26:27 +02:00
Thomas Daubney
c227ea5942 Adds Changelog entry 
Adds change log entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-30 14:12:24 +01:00
Gilles Peskine
42313fbfcc psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted 
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 16:29:55 +02:00
Pol Henarejos
679d1a085a Added fix for x448 bug to changelog. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-09 10:14:48 +02:00
Werner Lewis
6342debc72 Add ChangeLog entry 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 16:27:54 +01:00
Gilles Peskine
9aa892b833 Merge pull request #5754 from gilles-peskine-arm/psa-storage-format-test-exercise-2.28 
Backport 2.28: PSA storage format: exercise key
 2022-04-28 18:20:09 +02:00
Gilles Peskine
f87d84361c Merge pull request #5740 from gilles-peskine-arm/psa-crypto-config-file-2.28 
Backport 2.28: Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 2022-04-28 18:17:45 +02:00
Hanno Becker
c61543dc71 Adapt ChangeLog 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-25 11:57:09 +02:00
Gilles Peskine
500e48f095 Consistently use "ARC4" in PSA docs and comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-25 09:49:39 +02:00
Gilles Peskine
f7a101af3c Merge pull request #5730 from gilles-peskine-arm/ssl-opt-auto-psk-2.28 
Backport 2.28: Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:43 +02:00
Gilles Peskine
4a83c1047f Fix RC4 multipart PSA 
RC4 doesn't take an IV.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-20 20:58:04 +02:00
Gilles Peskine
46cc5fd321 Wording improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-14 13:54:57 +02:00