TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-14 15:42:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,133 Commits 179 Branches 280 Tags
b59bf585acae37b34796070c8fea4ac30e383e72
Commit Graph

13367 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
b59bf585ac Merge pull request #1247 from gilles-peskine-arm/ecdsa-conversion-overflow 
Fix stack buffer overflow in ECDSA signature format conversions
 2024-07-31 12:39:32 +02:00
Waleed Elmelegy
bc5877786b Merge branch 'development' into development-restricted 2024-07-08 14:22:09 +01:00
Gilles Peskine
4efd1645e8 Merge pull request #8983 from Troy-Butler/handle-null-args 
Fix NULL argument handling in mbedtls_xxx_free() functions
 2024-07-04 14:50:55 +00:00
Gilles Peskine
e2902346f5 Merge pull request #9139 from bluerise/silence 
Silence gcc 12.2.0 warning
 2024-07-04 14:49:47 +00:00
Gilles Peskine
c971d80faa Merge pull request #9315 from gilles-peskine-arm/psa_cipher_decrypt-ccm_star-iv_length_enforcement 
psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
 2024-07-04 14:39:25 +00:00
Ronald Cron
cd906958df Merge pull request #9214 from eleuzi01/replace-mbedtls-md-can-sha3-512 
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
 2024-07-04 13:31:47 +00:00
Elena Uziunaite
e8cd45ca65 Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-04 11:39:46 +01:00
Ronald Cron
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Ronald Cron
45aa4d50de Merge pull request #9125 from eleuzi01/replace-mbedtls-md-can-ripemd160 
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
 2024-07-04 08:38:40 +00:00
Gilles Peskine
4a17523e48 Merge pull request #9170 from eleuzi01/replace-mbedtls-md-can-sha224 
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
 2024-07-03 14:42:08 +00:00
Gilles Peskine
94f07689d6 Merge pull request #9082 from andre-rosa/check-overflow-when-reading-padding-len-on-aes-128-cbc-decryption 
Add invalid `padding_len` check in `get_pkcs_padding`
 2024-07-03 14:41:06 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00
Ronald Cron
fa7e15d76b Fix typo 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-01 14:59:35 +02:00
Ronald Cron
3d817add46 Adjust build systems 
Adjust build systems such as we can built
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-01 14:59:35 +02:00
Gilles Peskine
6bba0a8355 Fix stack buffer overflow in ECDSA signature format conversions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-27 08:55:56 +02:00
Gilles Peskine
7b6ddfcd25 psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes 
Credit to Cryptofuzz. Fixes #9314.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-26 13:16:33 +02:00
Ronald Cron
f0481f562a Merge pull request #9258 from tom-daubney-arm/drop_padlock_support 
Drop support for VIA Padlock
 2024-06-26 07:36:04 +00:00
Thomas Daubney
f57a352a9d Remove superfluous brackets 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 15:23:57 +01:00
Thomas Daubney
4e5d183d78 Correct pluralisation errors in comments 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 15:21:48 +01:00
Waleed Elmelegy
7b3024e791 Change mbedtls_mpi_core_exp_mod to constant time 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-06-25 09:51:37 +00:00
Thomas Daubney
1d08e2f2bc Change guard implementation 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-25 09:18:20 +01:00
Thomas Daubney
6a758fc7a1 Add guarding to aes_maybe_realign 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-20 16:43:20 +01:00
Elena Uziunaite
1b6fb219e9 Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-06-20 16:35:29 +01:00
Ronald Cron
de0d7e6cd0 Merge pull request #9247 from ronald-cron-arm/move-psa-headers 
Move PSA headers to a new tf-psa-crypto directory
 2024-06-18 18:48:24 +00:00
Waleed Elmelegy
122ae06ca9 Add constant time tests to mbedtls_mpi_core_montmul() 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-06-14 15:00:05 +00:00
Thomas Daubney
62af02c063 Drop support for VIA Padlock 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-06-14 10:37:13 +01:00
Tom Cosgrove
f41272099b Merge pull request #9242 from sezrab/fix-function-parameter 
Fix incorrect array length in function prototype
 2024-06-13 07:55:50 +00:00
Ronald Cron
c7e9e367bb Adjust build systems 
Adjust build systems such as we can build
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-06-13 09:02:24 +02:00
Tom Cosgrove
a0cfe01bb7 Merge pull request #9241 from lhuang04/official_development_psk_null2 
Set psk to NULL in ssl_psk_remove
 2024-06-12 12:00:34 +00:00
Manuel Pégourié-Gonnard
fe9129d14d Merge pull request #1239 from Mbed-TLS/change-mpi-mla-to-constant-time 
Change mbedtls_mpi_core_mla() to be constant time
 2024-06-12 09:53:57 +02:00
Sam Berry
3504c88916 Fix incorrect array length in function prototype 
Issue #9179 (MBEDTLS_SSL_CID_OUT_LEN_MAX changed to
MBEDTLS_SSL_CID_IN_LEN_MAX in library\ssl.h and library\ssl_tls.c)

Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-06-11 14:46:31 +01:00
lhuang04
54adeab866 set psk to null in ssl_psk_remove 
Summary:
set the psk to null after it is released.

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2024-06-10 12:17:11 -07:00
Gilles Peskine
69770aaa7b Use unsigned long rather than size_t for format string readability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-05 20:54:42 +02:00
Gilles Peskine
a9d4ef0998 Fix uint32_t printed as unsigned int 
This is ok in practice since we don't support 16-bit platforms, but it makes
`arm-none-eabi-gcc-10 -mthumb -Wformat` complain.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-03 22:16:23 +02:00
Gilles Peskine
8c60b16188 Merge pull request #8643 from gilles-peskine-arm/tls12_server-pk_opaque-dead_code 
Guard configuration-specific code in ssl_tls12_server.c
 2024-05-30 17:24:33 +00:00
Waleed Elmelegy
473dea26a6 Remove unnecessary testing and documentation 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-05-28 11:15:21 +00:00
Waleed Elmelegy
11a81cd7dd Add comment to mbedtls_mpi_core_mla() to indicate it is costant time 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-05-23 08:01:58 +00:00
Waleed Elmelegy
77bd479825 Change mbedtls_mpi_core_mla() to be constant time 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-05-23 00:22:44 +00:00
Waleed Elmelegy
a9fe03ea4e Add comment to mbedtls_mpi_core_sub() to indicate it is costant time 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-05-21 16:17:06 +00:00
Patrick Wildt
5da4b7d8da Silence gcc 12.2.0 warning 
Unfortunately this compiler complains about a variable potentially being
used un-initialized.  Silence the warning by initializing it to a sane
default.

Signed-off-by: Patrick Wildt <pwildt@google.com>
 2024-05-15 19:07:11 +00:00
Gilles Peskine
bdce65700e Merge pull request #9067 from gilles-peskine-arm/ssl-opt-server2-detection 
Fix skipped tests in configurations without RSA
 2024-05-15 12:06:31 +00:00
Waleed Elmelegy
3235165e07 Change mpi_core_check_sub to be constant time 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-05-13 13:47:04 +00:00
Gilles Peskine
ca73fc6627 Merge pull request #9026 from nileshkale123/fix/redefination_warning_for_gnu_source 
Fixed redefination warning messages for _GNU_SOURCE
 2024-05-06 12:40:49 +00:00
Manuel Pégourié-Gonnard
61734ec61d Merge pull request #9073 from valeriosetti/issue9068 
Undefined reference to mbedtls_md_error_from_psa() function
 2024-05-03 07:52:37 +00:00
Gilles Peskine
9791ee9296 Merge pull request #8538 from Ryan-Everett-arm/8537-fix-error-handling-for-secure-element-keys-in-psa_start_key_creation 
Fix error handling for secure element keys in `psa_start_key_creation`
 2024-05-02 16:06:07 +00:00
Gilles Peskine
fa8fc2705a Merge pull request #9069 from Ryan-Everett-arm/fix-get-and-lock-key-slot-threading-bug 
Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`
 2024-05-02 15:48:21 +00:00
Andre Goddard Rosa
d0a1691b99 Remove unnecessary cast 
Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
 2024-05-01 12:44:02 -05:00
Andre Goddard Rosa
30666d478b Add invalid padding_len check in get_pkcs_padding 
When trying to decrypt data with an invalid key, we found that `mbedtls`
returned `0x6200` (`-25088`), which means "_CIPHER - Input data contains
invalid padding and is rejected_" from `mbedtls_cipher_finish`, but it also
set the output len as `18446744073709551516`.

In case we detect an error with padding, we leave the output len zero'ed
and return `MBEDTLS_ERR_CIPHER_INVALID_PADDING`. I believe that the current
test cases are sufficient, as they fail if I return the alternative code
`MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, so they do already expect a padding
failure, but now we don't change the output len in the error case.

Here's a reference for the way `openssl` checks the padding length:
  - 1848c561ec/crypto/evp/evp_enc.c (L1023)
  - b554eef43b

Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
 2024-05-01 12:02:14 -05:00
Gilles Peskine
489688c0f7 Merge pull request #9065 from paul-elliott-arm/fix_ubsan_mp_aead_gcm 
Add early exit if zero length AEAD additional data passed in.
 2024-04-30 09:48:20 +00:00