Commit graph

16433 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 349a059f5f
Merge pull request #5461 from gilles-peskine-arm/ssl-opt-self-signed-positive-2.28
Backport 2.28: Add positive test case with self-signed certificates
2022-02-03 11:33:59 +01:00
Manuel Pégourié-Gonnard ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-02-03 11:31:34 +01:00
Manuel Pégourié-Gonnard 92d54fb41d
Merge pull request #5444 from AndrzejKurek/use-psa-crypto-reduced-configs-2.28
Backport 2.28: Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:35 +01:00
Manuel Pégourié-Gonnard b72ecfd5a0
Merge pull request #5468 from Unity-Technologies/mbedtls-2.28-windows-arm64-workaround
Backport 2.28: Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
2022-02-01 09:21:37 +01:00
Tautvydas Žilys 61156f8a6a Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:37:47 -08:00
Andrzej Kurek a16ffaf811 Add a check in check_config.h for PK_WRITE_C when RSA is enabled
This is required for importing RSA keys, as 
mbedtls_psa_rsa_export_key is used internally.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:52:33 -05:00
Andrzej Kurek 699290de04 Fix config-mini-tls1_1 PK_WRITE requirement when USA_PSA_CRYPTO is used
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:51:44 -05:00
Andrzej Kurek d08ed95419 Formatting: remove tabs from check_config.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:03:09 -05:00
Andrzej Kurek 38adac32e7 Add a changelog entry regarding bugfixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:01:33 -05:00
Andrzej Kurek 19d6ab0fb8 Enable testing with PSA for config-mini-tls1_1
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:01:24 -05:00
Andrzej Kurek 1faa2a3c6e Add a check for MBEDTLS_PK_WRITE_C with USE_PSA_CRYPTO to check-config.h
Also force MBEDTLS_PK_WRITE_C in reduced configs using
MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_C and 
MBEDTLS_ECDSA_C.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:00:24 -05:00
Tautvydas Žilys ea4af4d345 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:47 -08:00
Andrzej Kurek 19e83fa3a5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek e001596d83 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek e2462ba437 Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek c60cc1d7be Add missing dependency on MBEDTLS_GCM_C in cipher tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek 53ad763848 Mark unused variable in tests for cases with reduced configs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Gilles Peskine 8c681b7290 Add positive test case with self-signed certificates
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:09:19 +01:00
Gilles Peskine 98dcb4c024
Merge pull request #5458 from AndrzejKurek/gitignore-eclipse-2-28
Backport 2.28: Add eclipse-specific project files to gitignore
2022-01-25 17:02:58 +01:00
Andrzej Kurek d5746aa13d Add eclipse-specific project files to gitignore
The project file must be at root directory:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=78438
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-25 07:03:06 -05:00
Gilles Peskine ed29547902
Merge pull request #5452 from AndrzejKurek/doxygen-closure-fixes-2-28
Backport 2.28: doxygen: add missing asterisk to group closures
2022-01-24 21:40:42 +01:00
Andrzej Kurek fe5fb8e5d2 doxygen: remove empty platform_time configuration section
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:33:13 -05:00
Andrzej Kurek ff632d5a3c doxygen: move addtogroup closures to include more elements
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:32:00 -05:00
Andrzej Kurek 73afe27d5d Add missing asterisk to doxygen closures
Clarify section names next to closing braces
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:31:06 -05:00
Gilles Peskine bf62325c9f
Merge pull request #5439 from SebastianBoe/mbedtls-2.28_check_config
Backport 2.28: Add missing config check for PKCS5.
2022-01-22 00:52:18 +01:00
Sebastian Bøe 9db51a6e26 Add missing config check for PKCS5.
PKCS5 depends on MD, but is missing a config check resulting in
obscure errors on invalid configurations.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2022-01-19 13:26:09 +01:00
Manuel Pégourié-Gonnard 4afaba52a9
Merge pull request #5416 from gstrauss/mbedtls_ssl_config_defaults-repeat-2.28
Backport 2.28: Reset dhm_P and dhm_G if config call repeated
2022-01-14 10:41:12 +01:00
Gilles Peskine bbfa3f1967
Merge pull request #5422 from yanesca/update_mailing_list_links_backport
Update mailing list links [Backport]
2022-01-12 16:47:02 +01:00
Janos Follath c6935e8b19 Update mailing list links
The mailing list software has been updated and the links have changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-01-12 13:17:16 +00:00
Glenn Strauss de081ce75c Reset dhm_P and dhm_G if config call repeated
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-11 20:07:44 -05:00
Gilles Peskine 4ed2844405
Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x
Backport 2.x: Add list config function
2021-12-20 22:08:01 +01:00
Dave Rodgman 53c268e6a9
Merge pull request #873 from ARMmbed/mbedtls-2.28.0_merge_into_release
Mbedtls 2.28.0 merge into release
2021-12-17 11:22:26 +00:00
Dave Rodgman 8b3f26a5ac
Merge pull request #868 from ARMmbed/mbedtls-2.28.0rc0-pr
Mbedtls 2.28.0rc0 pr
2021-12-15 13:47:54 +00:00
Dave Rodgman d41dab39c5 Bump version to 2.28.0
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:55:31 +00:00
Dave Rodgman 29c3aee6a7 Update branch information in BRANCHES.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:53:12 +00:00
Dave Rodgman f00d9a2340 Minor Changelog updates & fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:52:54 +00:00
Dave Rodgman 0798a827c8 Assemble changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:48:21 +00:00
Ronald Cron 2d2fb47e45 Add change log for #4883
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 11:47:25 +00:00
Dave Rodgman 04e920410d Add missing changelog for ARIA (#5051)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:53:07 +00:00
Dave Rodgman 08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:52:51 +00:00
Gilles Peskine c97cc18fb8
Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28
Backport 2.2x: Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:32 +01:00
Gilles Peskine f9a0501683 mbedtls_cipher_check_tag: jump on error for more robustness to refactoring
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 16:59:04 +01:00
Gilles Peskine 384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:44 +01:00
Gilles Peskine 622d80453b Initialize hash_len before using it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:45:38 +01:00
Gilles Peskine d61551c017 Generalize MAC zeroization changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Gilles Peskine 8c99a760d5 PKCS#1v1.5 signature: better cleanup of temporary values
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Gilles Peskine f91b2e5a97 mbedtls_ssl_parse_finished: zeroize expected finished value on error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Gilles Peskine 69d3b86baa mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:49:14 +01:00
Gilles Peskine b3f4e5b1e1 PSA hash verification: zeroize expected hash on hash mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:49:14 +01:00
Gilles Peskine dc269bbd08 mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:49:14 +01:00