yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-02-07 00:04:50 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
26208 commits 89 branches 205 tags 114 MiB
Commit graph

1166 commits

Author SHA1 Message Date
Valerio Setti 89029e7366 changelog: fix description for ECDH changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:48:34 +01:00
Valerio Setti 8427b56d71 added changelog for accelerated ECDH changes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:48:34 +01:00
Paul Elliott 1b5957165a Add Changelog for PSA to Mbed TLS error translation unification 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 16:38:31 +00:00
Tom Cosgrove c4d759b697 Update AESCE changelog entry 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-21 16:31:18 +00:00
Tom Cosgrove dcc0ee1a1e Update changelog entry, splitting into two sections 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-21 15:52:20 +00:00
Jerry Yu 8d3fa9bd7b Add changelog entry for #6932 and #7203 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-21 15:52:08 +00:00
Paul Elliott 3201f56952 Rename misnamed changelog entries 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:46:33 +00:00
Paul Elliott f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:35:17 +00:00
Dave Rodgman 3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID 
RSA: provide interface to retrieve padding mode and hash_id
 2023-03-20 18:34:53 +00:00
Dave Rodgman d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics 
Implement AESNI with intrinsics
 2023-03-20 18:20:51 +00:00
Manuel Pégourié-Gonnard e9a60224fd Add ChangeLog entry for driver-only EC J-PAKE 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-20 10:03:55 +01:00
Yanray Wang b46ccf235c fix line length of ChangeLog 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-20 12:41:10 +08:00
Dave Rodgman f992e6fe38 Changelog for AESCE support 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-17 17:52:38 +00:00
Dave Rodgman 8a7ed6951d Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-17 18:58:11 +08:00
Paul Elliott 9f02a4177b
Merge pull request #7009 from mprse/csr_write_san 
Added ability to include the SubjectAltName extension to a CSR - v.2
 2023-03-17 10:07:27 +00:00
Gilles Peskine 74b4223c81 Announce the expanded AESNI support 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 17:50:15 +01:00
Dave Rodgman 680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix 
Fix segfault in mbedtls_oid_get_numeric_string
 2023-03-16 12:21:36 +00:00
Demi Marie Obenour 889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string 
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-03-16 01:06:41 -04:00
Gilles Peskine 2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Janos Follath 0086f8626a Add changelog entry 
PR7083 silently fixed a security vulnerability in public, this commit
adds a changelog entry for it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-15 13:31:48 +00:00
Dave Rodgman a94c90d30d
Merge pull request #7282 from gilles-peskine-arm/changelog-6567-psa_key_derivation_abort-no-other_secret 
Add changelog entry for a bug in non-PAKE code fixed during PAKE work
 2023-03-15 09:27:33 +00:00
Manuel Pégourié-Gonnard 18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user 
EC J-PAKE: partial fix for role vs user+peer
 2023-03-15 09:37:30 +01:00
Pengyu Lv db47f2fbd4 Add changelog entry for new API 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-15 15:01:36 +08:00
Gilles Peskine 51b2868f3c Add changelog entry for a bug in non-PAKE code fixed during PAKE work 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-14 21:41:54 +01:00
Gilles Peskine 215ecd0439
Merge pull request #7252 from daverodgman/enable_pkcs7 
Enable PKCS 7
 2023-03-14 10:39:50 +01:00
Paul Elliott e4622a3436 Merge remote-tracking branch 'development/development' into development-restricted 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-13 17:49:32 +00:00
Przemek Stekiel a11c1d141e Reword change log entry 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-13 16:21:40 +01:00
Dave Rodgman 756b028511
Merge pull request #7171 from daverodgman/pr5527 
Fix undefined behavior in ssl_read if buf parameter is NULL
 2023-03-13 10:46:29 +00:00
Jerry Yu 3373ccaa18 Update changelog 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-13 11:39:43 +08:00
Przemek Stekiel 8b429ba414 Add change log entry (EC j-pake driver dispatch) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:28 +01:00
Przemek Stekiel 9cc1786e46 Add chenage log entry for j-pake user/peer partial fix 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:20 +01:00
Dave Rodgman 957cc36be9 Improve wording; use PKCS #7 not PKCS7 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman 3fe2abf306 Apply suggestions from code review 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman d12b592bc1 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard c2495f78e6 Add a ChangeLog entry for driver-only ECDSA 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:16 +01:00
Przemek Stekiel 89e268dfb9 Add change log entry (SubjectAltName extension in CSR) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Dave Rodgman 4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform 
Use platform-provided secure zeroization
 2023-03-06 09:16:12 +00:00
Pol Henarejos f61d6c0a2b
Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Dave Rodgman 1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Jerry Yu 8049346989 Add change log entry for mbedtls_ms_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-03 11:19:07 +08:00
Gilles Peskine cc29bfd92a Bug fixes from the split of ssl_handle_hs_message_post_handshake 
The split of ssl_handle_hs_message_post_handshake() into
ssl_tls12_handle_hs_message_post_handshake() and
ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs.
Add a changelog entry for those bugs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 19:49:58 +01:00
Dave Rodgman dd4427cc5b
Merge pull request #7169 from AndrzejKurek/mpi-window-size 
Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2
 2023-02-27 17:12:38 +00:00
Paul Elliott ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name 
Add parsing of x509 RFC822 name + test
 2023-02-27 14:16:13 +00:00
Dave Rodgman bf0597f804 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 17:45:41 +00:00
Dave Rodgman fd8929cfd1 Improve changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 15:57:30 +00:00
Ashley Duncan 88240e769f Added changelog entry. 
Signed-off-by: Ashley Duncan <ashley.duncan@evnex.com>
 2023-02-24 15:57:30 +00:00
Andrzej Kurek 86f30ff626 Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-24 07:51:21 -05:00
Paul Elliott a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty 
Pacify Clang 15 about empty \retval
 2023-02-24 09:10:53 +00:00
Gilles Peskine b1176f2583 Allow alternative names for overridden PSA headers 
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-22 22:07:28 +01:00
Gilles Peskine ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug 
Fix bugs in OID to string conversion
 2023-02-21 23:16:44 +01:00
Gilles Peskine 250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle 
Implement PSA interruptible sign/verify hash
 2023-02-21 15:13:34 +01:00
Ronald Cron d89360b87b Fix and improve documentation, comments and logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-21 14:57:25 +01:00
Przemek Stekiel d7820b7026 Add change log entry: SAN rfc822Name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Ronald Cron 675d97d42e Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard 718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san 
Add the uniformResourceIdentifier subtype for the subjectAltName
 2023-02-20 11:29:59 +01:00
Paul Elliott e04e15b766 Add Changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
David Horstmann 21b8387929 Add ChangeLog for OID-to-string fixes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 13:07:49 +00:00
Gilles Peskine 4386cf188d Changelog entry for pacifying clang -Wdocumentation about \retval 
Fixes #6960

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-14 19:26:56 +01:00
Paul Elliott 1748de160a Fix IAR Warnings 
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-13 15:35:35 +00:00
Andrzej Kurek 3e8f65a7e2 Add a changelog entry for URI SAN parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:21:20 -05:00
Gilles Peskine 928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public 
Make the fields of mbedtls_pk_rsassa_pss_options public
 2023-02-10 15:08:06 +01:00
Gilles Peskine b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev 
X.509: Fix bug in SAN parsing and enhance negative testing
 2023-02-10 15:05:32 +01:00
Manuel Pégourié-Gonnard cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc 
Switch to the new coding style: documentation
 2023-02-10 10:05:27 +01:00
Pol Henarejos 4e747337ee
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-07 19:55:31 +01:00
Hanno Becker dc0e8b92f8 Add a ChangeLog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Gilles Peskine 4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements 
Minor improvements to `c_build_helper.py`
 2023-02-07 10:25:59 +01:00
Dave Rodgman 94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Gilles Peskine 0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Gilles Peskine 34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public 
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-02 23:06:37 +01:00
Aditya Deshpande 3b18a29c13 Amend changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-02 09:06:00 +00:00
David Horstmann a43e332fe4 Fix near-tautological repetition in ChangeLog 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-01 13:39:57 +00:00
Gilles Peskine a193986aab
Merge pull request #6942 from ucko/2023a-bignum 
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
 2023-02-01 11:36:25 +01:00
Aaron M. Ucko a2b674f9a7 Simplify ChangeLog entry for mbedtls_mpi_sub_abs fix. 
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
 2023-01-31 15:31:18 -05:00
Aditya Deshpande d05aa0fc60 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 17:22:07 +00:00
Manuel Pégourié-Gonnard aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
David Horstmann 6fcc77cf5e Add ChangeLog for c_build_helper improvements 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-27 19:53:49 +00:00
Przemek Stekiel 3022370896 Add changelog entry for V3 extensions in CSR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-27 16:06:08 +01:00
Manuel Pégourié-Gonnard 169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
 2023-01-27 10:05:00 +01:00
Valerio Setti af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Dave Rodgman fd09b31011 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-20 11:41:43 +00:00
Gilles Peskine bb3814c7a8 Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS 
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.

This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:23 +01:00
Gilles Peskine ecaa7ca507 Add missing supported algorithm to psa/crypto_config.h 
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:18 +01:00
Aaron M. Ucko af67d2c1cf mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701). 
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).

Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
 2023-01-17 11:52:22 -05:00
Gilles Peskine 12f4122068 Announce coding style change in the changelog 
It doesn't affect users, but it affects some other external consumers of the
library.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-13 12:04:14 +01:00
Valerio Setti 791bbe629d programs: improved cert_write serial management 
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00
Valerio Setti ea19d2db73 changelog: fixed typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti 903b6aa87d Changelog: list changes in x509write_crt module 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Dave Rodgman 05bdb13be3 Update README and add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-11 18:56:11 +00:00
Ronald Cron 83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail 
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
 2023-01-11 09:05:36 +01:00
Gilles Peskine f9c8d76db6
Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script 
Make generate_errors.pl handle directory names containing spaces when opening files
 2023-01-10 22:09:58 +01:00
Dave Rodgman bbbd803c2e Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-10 10:08:12 +00:00
Thomas Daubney 1efe4a874d Add ChangeLog entry 
Add ChangeLog entry documenting bugfix.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-01-10 09:35:39 +00:00
Jerry Yu 3e60cada5d Improve comment and changlog 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-10 14:58:08 +08:00
Jerry Yu 99e902f479 Add changlog entry. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-07 20:20:35 +08:00
Manuel Pégourié-Gonnard 7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702 
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
 2023-01-03 09:36:58 +01:00
Valerio Setti 62e1ebbbc7 changelog: fix text error 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-28 13:28:42 +01:00
Valerio Setti fe6c19b69c added changelog file for PR #6784 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 15:05:27 +01:00
Manuel Pégourié-Gonnard 2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y 
mbedtls_ecp_point_read_binary from compressed fmt
 2022-12-22 10:20:31 +01:00
Dave Rodgman 2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday 
Fix gettimeofday overflow
 2022-12-20 16:01:53 +00:00
Dave Rodgman 327b69c8a2 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-20 13:16:34 +00:00
Gilles Peskine d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa 
Document ECP_RESTARTABLE and make it compatible with USE_PSA
 2022-12-15 19:47:44 +01:00
Dave Rodgman 01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 
Merge back 3.3.0 3
 2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir 
Install CMake files in MbedTLS dir
 2022-12-14 10:30:52 +01:00
Manuel Pégourié-Gonnard a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned 
Fast unaligned memory access macros
 2022-12-12 12:18:17 +01:00
Dave Rodgman 852191e0b5 Improve Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-09 14:24:33 +00:00
Manuel Pégourié-Gonnard 67bad73e87 Add a ChangeLog entry for the ECDSA deterministic change 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:34 +01:00
Dave Rodgman 69591e9207 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 14:59:54 +00:00
Dave Rodgman a5b2c52885 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr 2022-12-08 14:10:59 +00:00
Dave Rodgman b74aa5a224 Add Changelog for Arm compile fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 13:43:08 +00:00
Dave Rodgman 98be95563d
Merge pull request #6689 from gilles-peskine-arm/changelog-20221129-pre-3.3 
Changelog improvements for 3.3
 2022-12-06 13:37:24 +00:00
Gilles Peskine 77d3057c6d More grammar fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-06 11:25:09 +01:00
Dave Rodgman acbb6dc364 Merge remote-tracking branch 'origin/development' into merge-dev 2022-12-05 10:59:23 +00:00
Issam E. Maghni 760f3a0a48 Install CMake files in MbedTLS dir 
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.

I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.

Here are some examples of projects using directories:
 - https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
 - https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
 - https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
 - https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
 2022-12-04 03:00:38 +00:00
Gilles Peskine cf0074b2c8 More wording improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine afb15206b5 Wording clarification 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine f3cc9d925f Improve "codegen 1.1" entry 
"version 1.1 of #5137" is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.

Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine 723bee67b2 Wrap lines to 79 columns max 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine 5ba1697e8a Put behavior change in the correct category 
"Changes" is for miscellaneous stuff that doesn't affect backward
compatibility.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine 6593c7e1cb Clarify PSS sigalg entry 
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine 29a56a1251 Clarify ASN.1 entry named data free functions 
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine 6d069afe6b Clarify that these two entries are about CMake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:52 +01:00
Gilles Peskine 20c1f03dd5 Improve wording, punctuation, etc. 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 19:56:47 +01:00
Dave Rodgman bc5f03dabc Disable PKCS7 by default; improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:32:23 +00:00
Paul Elliott 266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement 
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
 2022-12-01 11:40:52 +00:00
Dave Rodgman 7f62f36f82 Add changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 09:44:31 +00:00
Aditya Deshpande 5484e96117 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-30 15:56:42 +00:00
Gilles Peskine 787c79dc1a Remove changelog entry for an internal change 
We removed internal code left over after removing a feature in Mbed TLS 3.0.
The removal of the internal code is not user-visible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 22:27:03 +01:00
Gilles Peskine d622c7de56 Changelog entry files must have a .txt extension 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 22:18:05 +01:00
Manuel Pégourié-Gonnard 37d41c79b8 Add ChangeLog entry for DTLS Connection ID 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-29 10:20:15 +01:00
Andrzej Kurek a6ab9d8b12 Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-11-28 03:55:27 -05:00
Gilles Peskine 898db6b8e5 Move ssl_debug_helpers_generated to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:15:32 +01:00
Dave Rodgman bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti 6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Dave Rodgman f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164 
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
 2022-11-25 10:55:10 +00:00
Bence Szépkúti 12269e27b1 Add changelog for PKCS7 parser 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-11-25 05:51:40 +01:00
Manuel Pégourié-Gonnard fecc6b2fe4 Minor tune-up to ChangeLog & documentation 
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-24 09:40:12 +01:00
Gilles Peskine 42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard 3518fb11d0 Improve ChangeLog entry for driver-only hashes 
- avoid long unstructured paragraph with long messy sentences
- de-emphasize "no longer depends on MD" and emphasize "can work in
some driver-only builds" instead - that's what users are interested in
(building without MD is just the current way to accomplish that, but
that will change in the future)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-23 13:23:28 +01:00
Manuel Pégourié-Gonnard 660b396e41
Merge pull request #975 from yanesca/issue-946 
Fix RSA side channel
 2022-11-23 10:30:35 +01:00
Janos Follath 33480a372b Changelog: expand conference acronym for clarity 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath 74369b2497 Add paper title to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath b3608afe29 Add ChangeLog entry 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Manuel Pégourié-Gonnard 18a3856a03 Document another limitation of driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-22 11:59:55 +01:00
Gilles Peskine 339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00
Dave Rodgman 9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs 
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
 2022-11-21 10:09:57 +00:00
Paul Elliott 96a0fd951f Fix signature algorithms list entry getting overwritten by length. 
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-11-17 14:58:14 +00:00
Ronald Cron 5dc7999946 Simplify the change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-17 14:51:52 +01:00
Tom Cosgrove 0f0b548519 Limit ChangeLog entry to 80 characters 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-16 14:23:51 +00:00
Ronald Cron 9a1396bfcc Add ChangeLog 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-16 11:04:48 +01:00
Gilles Peskine af601f9751 Fix undefined behavior with the most negative mbedtls_mpi_sint 
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:02:14 +01:00