Manuel Pégourié-Gonnard
b48ddb3f4e
Merge pull request #1485 from gilles-peskine-arm/dev-random-config-3.6
Backport 3.6: Use /dev/random and make it configurable
2026-03-17 10:54:46 +01:00
Gilles Peskine
03fafd2637
Update a statement about the default value (now /dev/random)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-16 14:02:47 +01:00
Bence Szépkúti
c5f0f738ed
Merge pull request #1497 from gilles-peskine-arm/psa-rng-reseed-3.6
Backport 3.6: API to reseed the PSA RNG
2026-03-16 13:53:53 +01:00
Manuel Pégourié-Gonnard
0d48c34169
Merge pull request #1490 from ronald-cron-arm/tls12-2nd-client-hello-3.6
Backport 3.6: Fix TLS 1.2 client hello after HRR
2026-03-16 10:58:44 +01:00
Gilles Peskine
d05d789316
grammar
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-15 19:53:48 +01:00
Gilles Peskine
e6efd3e406
Match macro definition order with order in mbedtls_entropy_init
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-15 19:52:16 +01:00
Gilles Peskine
900b7dc5ac
Test that the compile-time and run-time entropy source counts match
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-15 19:52:16 +01:00
Gilles Peskine
909055d760
Fix negation that broke psa_random_set_prediction_resistance
Platform entropy is available when `MBEDTLS_NO_PLATFORM_ENTROPY` is _not_
defined.
This caused the ok/not-supported behavior of
`psa_random_set_prediction_resistance()` to be inverted, and the unit tests
checking that behavior to be similarly inverted, so the unit tests didn't
catch it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-15 19:32:39 +01:00
Manuel Pégourié-Gonnard
2d0aa97f81
Merge pull request #1501 from mpg/restricted-ffdh-peerkey-checks
[Backport 3.6] FFDH peer key checks
2026-03-13 12:44:30 +01:00
Manuel Pégourié-Gonnard
01b04ab723
Merge pull request #1489 from davidhorstmann-arm/fix-psa-ffdh-buffer-overflow-3.6
[Backport 3.6] Fix buffer overflow in FFDH public key export
2026-03-13 09:56:43 +01:00
Gilles Peskine
9d17d28dda
More documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-12 12:39:16 +01:00
Gilles Peskine
f05a711011
Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-11 12:58:22 +01:00
Gilles Peskine
43afaa5343
Fix Doxygen warning in realfull config
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-11 12:21:18 +01:00
Gilles Peskine
d8ce52df19
Fix Doxygen comment start
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-11 10:48:58 +01:00
Gilles Peskine
409427eac4
Fix grammar
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-11 10:31:59 +01:00
Gilles Peskine
7cf7a85008
Add missing parenthetical remark
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-11 10:31:58 +01:00
Ronald Cron
0be90b44e2
Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-10 19:26:14 +01:00
Ronald Cron
668e677faf
tls13_hrr_then_tls12_second_client_hello: Improve client and server state checks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-10 19:26:14 +01:00
Ronald Cron
7b3af46c40
tls13_hrr_then_tls12_second_client_hello: Improve some comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-10 19:26:08 +01:00
Ronald Cron
a76e7c65bc
tls13_hrr_then_tls12_second_client_hello: Various improvements
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-10 17:08:22 +01:00
Manuel Pégourié-Gonnard
199d4d9380
FFDH: fix wrong word in comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-10 11:40:14 +01:00
David Horstmann
97c4e3f69b
Add missing full stop in ChangeLog entry
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:09:56 +00:00
David Horstmann
89f132d3fa
Add buffer-too-small case for FFDH-8192
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:07:20 +00:00
David Horstmann
14b37ec1c4
Add small buffer case for P521 import/export
Specifically for the simple import/export case and also the
import/export-public case.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
David Horstmann
cc4e191d4f
Add missing buffer-too-small tests
Add tests for key import-export and key import followed by public-key
export when the output buffer is too small. Add these tests for the
following curves:
* p256 as an example of a Weierstrass curve
* Curve25519
* Curve448
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
David Horstmann
23e688b3ab
Add credit to the ChangeLog entry
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
David Horstmann
1ecd0c1ea6
Simplify ChangeLog entry
Improve readability of the ChangeLog by including only the strictly
necessary information.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
David Horstmann
a749c3a5f8
Add ChangeLog entry for FFDH buffer overflow fix
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
David Horstmann
01bcc1f754
Add missing FFDH public key buffer length check
When exporting an FFDH public key we were not properly checking the
length of the output buffer and would write the full length of the key
in all cases. Fix this by checking the size of the output buffer before
we write to it.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
David Horstmann
443300e700
Add testcase for FFDH buffer overflow
This testcase calls psa_export_public_key() on an FFDH key with an
output buffer that is too small. Since the size is calculated based on
the required key size but not checked against the available buffer size,
we overflow the buffer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2026-03-10 09:05:37 +00:00
Gilles Peskine
fc38b65561
Add advice to reseed the RNG if the application is cloned
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-09 18:06:38 +01:00
Manuel Pégourié-Gonnard
4704b6b4bd
Merge pull request #1488 from davidhorstmann-arm/fix-null-pointer-dereference-3.6
[Backport 3.6] Fix null pointer dereference in `mbedtls_x509_string_to_names()`
2026-03-09 12:42:56 +01:00
Manuel Pégourié-Gonnard
6a5d54b73d
Merge pull request #1503 from gilles-peskine-arm/merge-3.6-restricted-20260309
Merge 3.6 public into restricted (ready for fork fix)
2026-03-09 10:11:32 +01:00
Gilles Peskine
02b2b50fb0
Update framework with unix detection improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-03-08 20:31:59 +01:00
Gilles Peskine
8f8b70aff1
Merge remote-tracking branch 'mbedtls-3.6' into merge-3.6-restricted-20260309
2026-03-08 20:26:08 +01:00
Gilles Peskine
4b571add25
Merge pull request #10621 from gilles-peskine-arm/unix-detection-202601-3.6
Backport 3.6: Simplify platform requirements
2026-03-06 18:06:04 +00:00
David Horstmann
f858b47709
Merge pull request #1500 from gilles-peskine-arm/inet_pton-changelog-attribution-3.6
Update attribution to conform to contributor's request
2026-03-05 15:00:22 +00:00
Manuel Pégourié-Gonnard
174c323479
FFDH: fix some typos in test case titles
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 14:26:06 +01:00
Manuel Pégourié-Gonnard
e1d64c5ce2
Fix misplaced blank line in test data file
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 13:10:35 +01:00
Manuel Pégourié-Gonnard
35aec41600
Add Changelog entry for FFDH missing peerkey check
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 13:07:23 +01:00
Manuel Pégourié-Gonnard
f22ed632b4
FFDH: also test peer key 1 byte too long
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 13:04:50 +01:00
Manuel Pégourié-Gonnard
20a84bd287
FFDH: also test peer key = p, p+1, ff...ff
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:57:20 +01:00
Manuel Pégourié-Gonnard
7453b664af
tests: use derive_setup when applicable
There was a single case for key_agreement_setup that was failing when
setting up the derivation operation. Move this test case to use
derive_setup() instead. Add a corresponding positive test with
derive_setup() to make it more obvious that KEY_AGREEMENT(ECDH, KDF)
works and the problem really is that the KDF is unknown.
Note the expected_status_setup argument of key_agreement_setup is no
longer needed and can be removed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:57:05 +01:00
Manuel Pégourié-Gonnard
8eb4fba6fb
FFDH: expand comment on peerkey check
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:56:53 +01:00
Manuel Pégourié-Gonnard
c173dfb035
FFDH: improve sanity checks
- avoid grouping checks, for a better debugging experience (breakpoints)
- use a more logical order, checking the key type first
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:56:45 +01:00
Manuel Pégourié-Gonnard
5cce3c8a75
Add comment in raw key agreement test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:56:35 +01:00
Manuel Pégourié-Gonnard
7a4e2c67b4
FFDH: reorder checks to satisfy picky test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:56:22 +01:00
Manuel Pégourié-Gonnard
fb70b7f849
FFDH: test with key derivation and bad peer key
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:53:19 +01:00
Manuel Pégourié-Gonnard
118dc8c347
DH: clean up test function key_agreement_setup()
See the comment that was there. I chose not to split the test function
in two, but just have two arguments for each expected status.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:53:03 +01:00
Manuel Pégourié-Gonnard
10c5db67be
FFDH: clean up size check
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2026-03-05 12:52:19 +01:00