Commit graph

295 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix
Fix ECDSA failing when the hash is all-bits-zero
2021-04-19 09:54:12 +02:00
Manuel Pégourié-Gonnard 247745ffc4 Revert "Changelog added"
This reverts commit 0961e3db49.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:27:04 +02:00
Manuel Pégourié-Gonnard c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
TRodziewicz 0961e3db49 Changelog added
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 17:19:43 +02:00
Gilles Peskine 8f28c24b4a Explain the problem in more concrete terms
Don't try to make the reader guess what a “negative zero” might mean.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 20:20:26 +02:00
Gilles Peskine fd4fab0b24 mbedtls_mpi_read_string("-0") no longer produces a "negative zero"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 17:13:15 +02:00
TRodziewicz 40de3c99c0 Fix Changelog, add separate test functions for hash of all-zero bits
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:16:18 +02:00
Gilles Peskine 7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
TRodziewicz 5feb6702dd Fix the Changelog and extend tests to cover the hash of all-bits zero
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-06 19:56:42 +02:00
Gilles Peskine 889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Ronald Cron 602f986511 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:55:04 +02:00
Ronald Cron 2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Maulik Patel f41be14269 Add Change log entry for bug fix.
Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-04-01 10:01:32 +01:00
Gilles Peskine bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
TRodziewicz 782a7eab14 ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-03-17 11:36:31 +01:00
Ryan LaPointe 59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:08 -04:00
Dave Rodgman e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Paul Elliott 9907e2c334 Improve wording of ChangeLog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:14:10 +00:00
Paul Elliott 3949065aef Fix incorrect case in changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 6f21e11265 Add Changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
paul-elliott-arm 0135516d55
Merge pull request #4203 from paul-elliott-arm/memsan_fix_build
Fix memsan build with Clang 11
2021-03-09 16:31:31 +00:00
Dave Rodgman 74755e484c Update Changelog for 2.26.0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:35:44 +00:00
Dave Rodgman b4fe1053e4 Add missing changelog entry
Add missing changelog entry for 3698: Mark basic constraints critical
as appropriate.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:34:24 +00:00
Dave Rodgman 2d83ac100d Add a missing changelog entry
Add a missing changelog entry for #3996: Allow loading external wrapped
keys.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:34:16 +00:00
Dave Rodgman 5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Paul Elliott fb91a48616 Fix memsan build with clang 11
Memsan build was reporting a false positive use of uninitialised memory
in x509_crt.c on a struct filled by an _stat function call. According to
the man pages, the element reported has to be filled in by the call, so
to be safe, and keep memsan happy, zero the struct first.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-05 14:24:03 +00:00
TRodziewicz 9edff740e1 Fix EC J-PAKE failing when the payload is all-bits-zero
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met.

Fix #1792

Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
2021-03-04 18:19:48 +01:00
Paul Elliott a5dce14291 Fixup changelog formatting
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:24:57 +00:00
Steven Cooreman 7de9e2db1f Language / verbiage fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine ddf4374879 Fix stack buffer overflow in net functions with large file descriptor
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.

Fix #4169

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Paul Elliott b4e4bfdd00 Add Changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-25 10:47:56 +00:00
Gilles Peskine b15832160b Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine 4337a9cb18 Document mutex usage for RSA
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 1226ecef01 Changelog entry for RSA mutex usage fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 71edf749e1 Changelog entry for DRBG mutex usage fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine d548d964db Clarify where mbedtls_psa_get_random might be useful
Also fix some typos.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine e3ed802138 Expose mbedtls_psa_get_random()
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Manuel Pégourié-Gonnard 495ef98b24
Merge pull request #3976 from devnexen/fbsd_dfly_upd
Implements getrandom's wrapper for handful of BSD.
2021-02-16 09:41:55 +01:00
Steven Cooreman 863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
David Carlier 4971c3fce7 Changelog entry.
Signed-off-by: David Carlier <devnexen@gmail.com>
2021-02-15 13:13:13 +00:00
Steven Cooreman 7976574f82 Allow tweaking PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 13:58:27 +01:00
Gilles Peskine 59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak
Fix memory leak in error case in psa_crypto
2021-02-15 11:38:13 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00