TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-27 06:31:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,159 Commits 177 Branches 276 Tags
df49355faaa92ddd94ea57c6caaa47fceec8e310
Commit Graph

633 Commits

Author SHA1 Message Date
Dave Rodgman
0ea272d110 Update padding const-time fix changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-27 16:31:33 +01:00
Dave Rodgman
e8358d400f Add Changelog for CT fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-25 11:34:35 +01:00
Gilles Peskine
326ba3c0bb mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher 
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Dave Rodgman
f4cf4a6e25 Merge pull request #1070 from gilles-peskine-arm/merge-2.28-restricted-20230915 
Merge mbedtls-2.28 into restricted
 2023-09-20 12:07:55 +01:00
Gilles Peskine
9cacae3c7a Merge remote-tracking branch 'upstream-public/mbedtls-2.28' into HEAD 2023-09-15 18:32:36 +02:00
Waleed Elmelegy
d24b546f3d Reduce line size in new pkcs function changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-15 15:35:08 +01:00
Waleed Elmelegy
58ed2318c5 Modify changelog entry to add pkcs12 pbe functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-15 15:34:47 +01:00
Waleed Elmelegy
dffb1e3d66 Improve mbedtls_pkcs5_pbes2_ext changelog description 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:57:23 +01:00
Waleed Elmelegy
7aeb6e7610 Add changelog entry for new mbedtls_pkcs5_pbe2_ext function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:52:15 +01:00
Paul Elliott
12a2bfc970 Merge pull request #8096 from davidhorstmann-arm/2.28-initialize-struct-get-other-name 
[Backport 2.28] Coverity fix: Set `type_id` in `x509_get_other_name()`
 2023-08-31 14:10:06 +00:00
Gilles Peskine
c10520f45f Merge pull request #8102 from AgathiyanB/backport-iar-warnings-changelog 
Add changelog entry for 2.28 IAR warning fixes
 2023-08-24 18:02:15 +00:00
Agathiyan Bragadeesh
0aab8a878f Add changelog entry for 2.28 IAR warning fixes 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 15:29:02 +01:00
David Horstmann
d81f75bbbf Fixup incorrectly-formatted ChangeLog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-21 17:36:02 +01:00
David Horstmann
869609f228 Add ChangeLog entry for otherName SAN fixes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-18 19:51:45 +01:00
Chien Wong
0118a1d712 Fix a few unchecked return values 
Signed-off-by: Chien Wong <m@xv97.com>
 2023-08-17 22:13:11 +08:00
Chien Wong
12f6f28e15 Improve doc on special use of A in ecp group structure 
Signed-off-by: Chien Wong <m@xv97.com>
 2023-08-09 22:15:14 +08:00
Gilles Peskine
b438348774 Merge pull request #8010 from marekjansta/fix-x509-ec-algorithm-identifier-2.28 
Backport 2.28: Fixed x509 certificate generation to conform to RFCs when using ECC key
 2023-08-07 19:14:52 +00:00
Dave Rodgman
1484a53429 Merge pull request #8024 from daverodgman/changelog-warning-fixes-2.28 
Backport 2.28: Clarify changelog not needed for compiler warnings
 2023-08-07 10:55:56 +01:00
Dave Rodgman
ccba2b7507 Assemble 2.28.4 changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-02 14:47:25 +01:00
Dave Rodgman
973494d193 Clarify changelog not needed for compiler warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-02 13:52:20 +01:00
Marek Jansta
0a6743b2de Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-07-31 17:33:23 +02:00
Gilles Peskine
e5507d5f20 Fix empty union when TLS is disabled 
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-26 17:22:04 +02:00
Gilles Peskine
9a9d5eea53 Fix a build error when MBEDTLS_PSA_INJECT_ENTROPY is enabled 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-20 18:07:47 +02:00
Dave Rodgman
45b93ec621 Merge pull request #1037 from daverodgman/cmac-blocksize-2.28 2023-07-13 19:32:58 +01:00
Dave Rodgman
a3e4e229ef Change value of MBEDTLS_CIPHER_BLKSIZE_MAX if ARIA or Camellia present 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-13 15:41:04 +01:00
David Horstmann
63b06a8889 Add ChangeLog entry for CMake config defines 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-07 11:29:23 +01:00
Dave Rodgman
08efc3d768 Merge pull request #7854 from daverodgman/fix-unused-aes-2.28 
Fix AES dependencies - build TF-M config cleanly - backport 2.28
 2023-07-03 16:48:39 +01:00
Dave Rodgman
a3fc295559 Merge pull request #7823 from SlugFiller/mbedtls-2.28 
Support compilation using CLang on Windows
 2023-07-03 09:52:03 +01:00
Tom Cosgrove
fbcb5d469b Merge pull request #7850 from davidhorstmann-arm/2.28-fix-string-to-names-retcode 
[Backport 2.28] Fix false success return code in `mbedtls_x509_string_to_names()`
 2023-06-30 14:28:38 +01:00
Dave Rodgman
3fb807c064 Merge pull request #7761 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix_backport 
Backport 2.28: Fix crypt_and_hash decrypt issue when used with stream cipher
 2023-06-30 11:42:19 +01:00
Dave Rodgman
c62e5c4885 Update changelog for 2.28 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:33:07 +01:00
Dave Rodgman
c34bea20d6 fix trailing whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:57 +01:00
Dave Rodgman
aac022dab4 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:53 +01:00
David Horstmann
1e8086bd21 Add ChangeLog entry for string_to_names() fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 17:34:58 +01:00
SlugFiller
e2d0614571 Support compilation using CLang on Windows 
Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com>
 2023-06-26 19:19:56 +03:00
David Horstmann
7435651068 Reword changelog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-15 14:09:05 +01:00
Waleed Elmelegy
558bdc3f42 Add crypt_and_hash decrypt issue to Changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-06-13 12:15:30 +01:00
Robin Kastberg
45bbf16262 Create bugfix_iar_typo.txt 
Changelog entry

Signed-off-by: Robin Kastberg <robin.kastberg@iar.com>
 2023-06-12 14:16:42 +01:00
Dave Rodgman
763c8b96cc Fix armclang compile fail 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-05 21:24:57 -04:00
Przemek Stekiel
9dd2167ea4 Add changelog entry (PSA initialization in sample programs) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-25 11:41:16 +02:00
Paul Elliott
f18db1f631 Assemble changelog for 2.28.3 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-23 11:26:53 +00:00
Paul Elliott
0e4a4c570e Fix changelog formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-23 11:21:38 +00:00
Paul Elliott
f10eb92751 Rename misnamed changelog entries 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-23 11:18:17 +00:00
Tom Cosgrove
9bf344fddd Add security entry to ChangeLog for AES-NI 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-23 11:14:27 +00:00
Gilles Peskine
9a8bf9f85d Announce the expanded AESNI support 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-17 16:32:03 +00:00
Demi Marie Obenour
6b8e8ff079 Fix segfault in mbedtls_oid_get_numeric_string 
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-03-16 01:07:35 -04:00
Dave Rodgman
39987ebde7 Merge pull request #7172 from daverodgman/fix_UB_in_ssl_read-2.28 
Backport 2.28: Fix undefined behavior in ssl_read if buf parameter is NULL
 2023-03-13 10:46:24 +00:00
Dave Rodgman
7a5168e90d Merge pull request #7170 from AndrzejKurek/mpi-window-size-2.28 
[Backport 2.28] Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2
 2023-02-27 17:12:29 +00:00
Dave Rodgman
fb07c37cb1 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 16:02:26 +00:00
Ashley Duncan
13938b84e9 Added changelog entry. 
Signed-off-by: Ashley Duncan <ashley.duncan@evnex.com>
 2023-02-24 16:02:26 +00:00