TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-03 16:50:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,203 Commits 179 Branches 280 Tags
b0423a260ccea427da5e6da85e5fd5df837e6ae7
Commit Graph

545 Commits

Author SHA1 Message Date
Dominik Gschwind
b0423a260c Copy files instead of hard-linking on Windows 
Fixes an issue on Windows where when source and build directory are on different drives hard-linking
to files or directory fails as it doesn't work across filesystem boundaries. Note that symlinking is also
not possible because it requires administrator privileges on Windows.

The solution copies the files using the built-in cmake `configure_file(src dest COPYONLY)` command.
As this command only operates on files, if a directory is specified the files will be globbed recursively
and through symlinks.

Signed-off-by: Dominik Gschwind <dominik.gschwind99@gmail.com>
 2022-12-07 19:34:52 +01:00
Gilles Peskine
01bf631159 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 17:23:44 +01:00
Gilles Peskine
b358e46c8e Merge pull request #6618 from gilles-peskine-arm/mpi_sint-min-ub-2.28 
Backport 2.28: Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:52:03 +01:00
Gilles Peskine
de1629aff9 Fix undefined behavior with the most negative mbedtls_mpi_sint 
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-17 11:03:46 +01:00
Gilles Peskine
103cf59e46 Fix NULL+0 in addition 0 + 0 
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-17 11:03:46 +01:00
Janos Follath
e530b5b4c4 Merge pull request #6579 from gilles-peskine-arm/negative-zero-from-add-2.28 
Backport 2.28: Fix negative zero from bignum add/subtract
 2022-11-16 14:06:04 +00:00
Aditya Deshpande
f22f73ef4e Fix issue in dh_genprime.c where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-10 15:33:11 +00:00
Gilles Peskine
195e1c8107 Changelog entry for the negative zero from add/sub 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-10 15:15:25 +01:00
Gilles Peskine
cb492102bf Merge pull request #6380 from Kabbah/backport2.28-x509-info-hwmodulename-hex 
[Backport 2.28] `x509_info_subject_alt_name`: Render HardwareModuleName as hex
 2022-11-08 17:11:09 +01:00
Dave Rodgman
febe14e6e0 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:28:20 +00:00
Dave Rodgman
0bbe75838e Merge pull request #6191 from daverodgman/invalid-ecdsa-pubkey-backport-2.28 
Improve ECDSA verify validation - 2.28 backport
 2022-10-31 09:37:38 +00:00
Dave Rodgman
23b79b6c9c Credit Cryptofuzz in the changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:36:47 +01:00
Dave Rodgman
a66e7edf09 Improve changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:59 +01:00
Ronald Cron
2e0a11556e Merge pull request #6483 from gilles-peskine-arm/psa-pkparse-pkwrite-2.28 
Backport 2.28: PSA with RSA requires PK_WRITE and PK_PARSE
 2022-10-26 14:57:41 +02:00
Ronald Cron
c527796ecb Merge pull request #6392 from davidhorstmann-arm/2.28-fix-x509-get-name-cleanup 
[Backport 2.28] Fix `mbedtls_x509_get_name()` cleanup
 2022-10-26 14:28:04 +02:00
Gilles Peskine
8fb928f642 Fix PSA+RSA dependencies on PK 
The PSA code needs pk_parse as well as pk_write for RSA keys. Fix #6409.
This is independent of PKCS#1v1.5 support. Fix #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 20:32:02 +02:00
Manuel Pégourié-Gonnard
3495ca309b Merge pull request #6415 from mprse/aead_driver_test_2_28_backport 
2.28 backport: Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:06 +02:00
Gilles Peskine
279188f3f3 Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28 
Backport 2.28: Include platform.h unconditionally
 2022-10-13 10:19:25 +02:00
Przemek Stekiel
65caa16973 Add changelog entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-13 08:06:47 +02:00
Przemek Stekiel
1834a2e985 Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 14:03:16 +02:00
Gilles Peskine
0b7229d8c4 Include platform.h unconditionally: fixes undefined mbedtls_setbuf 
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-07 15:52:58 +02:00
Przemek Stekiel
0a48eaebc6 Add changelog entry: tls 1.2 builds with single encryption type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 12:18:27 +02:00
David Horstmann
854be05949 Add ChangeLog entry for memory leak fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-05 12:59:37 +01:00
Victor Barpp Gomes
78d343ec5c Add Changelog entry 
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
 2022-09-30 09:32:27 -03:00
Dave Rodgman
78508c496c Changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-23 10:42:33 +01:00
savent
a37f5c1da3 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS) 
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
 2022-08-09 10:54:13 +01:00
Gilles Peskine
f222b8e041 Merge pull request #6161 from daverodgman/backport-cert-symlink 
Backport 2.28: x509_crt: handle properly broken links when looking for certificates
 2022-08-03 13:05:31 +02:00
Gilles Peskine
ddc3845782 Merge pull request #6168 from mman/mbedtls-2.28 
Use double quotes to include private header file psa_crypto_cipher.h
 2022-08-03 13:05:00 +02:00
Martin Man
43dedd8afe Use double quotes to include private header file psa_crypto_cipher.h 
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
 2022-08-02 13:36:18 +02:00
Dave Rodgman
626b37859c Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 14:27:52 +01:00
Dave Rodgman
7d4a8da1b7 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-29 11:34:26 +01:00
Tom Cosgrove
accd50d4cd Add a ChangeLog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-19 09:02:47 +01:00
Dave Rodgman
6743ec492e Assemble Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:37 +01:00
Dave Rodgman
b51e0c7e56 Add correct .txt extension to Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:32 +01:00
Dave Rodgman
df275c4227 Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr 2022-07-11 10:42:55 +01:00
Andrzej Kurek
135afdca1e Changelog rewording 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:48:48 -04:00
Andrzej Kurek
33b731f637 Improve changelog wording 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:18 -04:00
Andrzej Kurek
78c63511ae Add a changelog entry for the session resumption + CID bug 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:09 -04:00
Paul Elliott
06986de4ea Merge pull request #6066 from AndrzejKurek/fix-some-resource-leaks-2-28 
Fix `mbedtls_pk_parse_public_key` resource leaks
 2022-07-05 23:12:11 +01:00
Andrzej Kurek
cd5e671b5a Add a changelog entry for pkparse bugs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-05 10:32:38 -04:00
Ronald Cron
0ae1c1c49c Merge pull request #5991 from gilles-peskine-arm/asn1write-0-fix-2.28 
Backport 2.28: Improve ASN.1 write tests
 2022-06-30 15:42:31 +02:00
Paul Elliott
24ed2caaff Fix the wrong variable being used for TLS record size checks 
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-06-30 12:37:15 +01:00
Dave Rodgman
eee5c8ac23 Merge pull request #5982 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-2.28 
Backport 2.28: Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:00 +01:00
Gilles Peskine
bb34feea0d Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
06c5e929ba Merge pull request #5863 from wernerlewis/csr_subject_comma_2.28 
[Backport 2.28] Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:47 +02:00
Gilles Peskine
83f54aad6a Changelog: minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:58 +02:00
Gilles Peskine
cd1608914f Changelog: clarify a cmake-related entry as being about cmake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
8960d0585b Changelog: mention bug id in bugfix entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:50 +02:00
Gilles Peskine
06900034cb Changelog: remove bugfix entry that's actually a robustness improvement 
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-28 00:05:49 +02:00
Gilles Peskine
dc7e34ca2e Clarify potential ambiguity in changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00