Commit graph

237 commits

Author SHA1 Message Date
Janos Follath 6a32ad83e3
Merge pull request #4094 from d-otte/development
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
2021-02-02 16:15:07 +00:00
Daniel Otte da43d78017 adjusting Changelog entry for PR #4094
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:38:26 +01:00
Daniel Otte 21cbe4a494 adding entry file to ChangeLog.d for PR4094
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-01 18:47:22 +01:00
Gilles Peskine c8a9177110 mbedtls_mpi_sub_abs: fix buffer overflow in error case
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Gilles Peskine 53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron 318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm 47278ee8f8
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 14:03:57 +01:00
Steven Cooreman 6226a12acc Documentation update for MBEDTLS_ECP_NO_FALLBACK
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:58:31 +01:00
Steven Cooreman 97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard 75fdd0640f
Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
stroebeljc 03ee3834a0 Updated change description as suggested by @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-05 11:28:30 -06:00
Gilles Peskine 73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
stroebeljc e67ba98581 Fixed verb tense in change log.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:19:29 -06:00
stroebeljc 2b50d78972 Fixed incorrect change log formatting.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:17:35 -06:00
stroebeljc d4de1b5d4e Updated per comments from @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:14:32 -06:00
ENT\stroej1 6a5f10cdc7 Added ChangeLog entry for related issue.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:39:13 -06:00
Fredrik Strupe 462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Bence Szépkúti 0bd9d226bc Add Changelog entry
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-16 15:02:50 +01:00
Janos Follath 7ac5fd1861 Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:46 +00:00
Janos Follath 248900d9b9 Fix Changelog format
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:03 +00:00
Janos Follath debe71988f Add missing ChangeLog entries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:02:45 +00:00
Janos Follath a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine 6d5c7bc69a
Merge pull request #3898 from paul-elliott-arm/fix_pem_write
Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:40 +01:00
Gilles Peskine 2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti 6879f42be4 Add changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:24:41 +01:00
Paul Elliott 557b8d663a Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 17:29:42 +00:00
Ronald Cron 771090659e
Merge pull request #3393 from geecrypt/development
Support set *_drbg reseed interval before seed
2020-12-07 14:29:52 +01:00
Gilles Peskine 22a191199d NIST_KW in cipher: credit the reporter
This issue was found by Guido Vranken's Cryptofuzz running on the
OSS-Fuzz platform.

Fix #3665

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 14:26:07 +01:00
Janos Follath 3aae5d4ed7
Merge pull request #781 from mpg/cipher-auth-crypt-restricted
Fix buffer overflow with NIST-KW in cipher layer
2020-12-07 12:58:36 +00:00
Janos Follath 7973e2b358
Merge pull request #772 from chris-jones-arm/development-restricted
Fix Diffie-Hellman large key size DoS
2020-12-07 09:28:55 +00:00
Gilles Peskine e410bf7320 Add changelog entry for the memory management fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
gacquroff 1bfeb8a837 Add changelog entry file for bugfix 2927
Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 12:28:25 -08:00
Chris Jones add9948784 Fix whitespace in changelog entry
Extra whitespace and a missing newline at end of file was causing an error with
`check_files.py`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 15:45:29 +00:00
Manuel Pégourié-Gonnard 6df90523e1 Add ChangeLog entries for auth_crypt changes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 13:00:58 +01:00
Gilles Peskine 227366b4b0 Merge branch 'development' into development-restricted 2020-12-03 12:39:44 +01:00
Gilles Peskine 54a6f23393
Merge pull request #3930 from ccvca/fix_missing_argument
Fix: Add missing arguments to debug message.
2020-12-03 12:29:03 +01:00
Gilles Peskine a282984c3d
Merge pull request #773 from paul-elliott-arm/discrepancy_cert
Add missing tag check to signature check on certificate load
2020-12-03 12:19:39 +01:00
Manuel Pégourié-Gonnard 489c058b52 Merge branch 'development' into development-restricted
* development: (488 commits)
  Fix removal of deprecated PSA constants
  Use GitHub-compatible table formatting
  Remove psa header files in uninstall part
  Change function casting in `ssl_calc_finished_tls_sha384`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Add changelog entry file to `ChangeLog.d`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Fix GCC warning about `test_snprintf`
  Fix mismatched function parameters (prototype/definition)
  Fix build failure on gcc-11
  Copyediting
  Clarifications around key import
  Fix copypasta
  A variable is unused in some configurations
  Rename test_driver_keygen to test_driver_key_management
  Move "internal use" sentence attached to the wrong function
  Added changelog
  Plug in the entry point for public key export through driver
  tests: psa: Reset key attributes where needed
  Improve/fix documentation
  ...
2020-12-03 09:59:42 +01:00
Chris Jones 16187a21be Add ChangeLog entry for modular exponentiation size limit
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-02 15:25:27 +00:00
Christian von Arnim 883d304785
Fix: Add missing arguments to debug message.
Signed-off-by: Christian von Arnim <christian.von-arnim@isw.uni-stuttgart.de>
2020-12-02 10:13:02 +01:00
Paul Elliott ca17ebfbc0 Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-11-26 16:34:16 +00:00
Gilles Peskine 436400eec3 Handle random generator failure in mbedtls_mpi_fill_random()
Discuss the impact in a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-25 17:30:46 +01:00
Rodrigo Dias Correa 683028a2f7 Add changelog entry file to ChangeLog.d
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-25 01:13:12 -03:00
Gilles Peskine 68cc434c11 PSA support for HMAC_DRBG: changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine 9aaa3e164a
Merge pull request #3786 from stevew817/feature/generate_pubkey_in_driver
Add export_public_key entry point for drivers
2020-11-23 11:54:53 +01:00
Gilles Peskine 662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Steven Cooreman 0737c09c7b Added changelog
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-11-20 17:31:24 +01:00
Ronald Cron a3d9daca92 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00