Commit graph

457 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 0178487fb2 Fix missing check on server-chosen curve
We had this check in the non-PSA case, but it was missing in the PSA
case.

Backport of 141be6cc7faeb68296625670b851670542481ab6 with just the
error code change to adapt to 2.28.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-14 13:00:42 +01:00
Manuel Pégourié-Gonnard ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-02-03 11:31:34 +01:00
Andrzej Kurek 38adac32e7 Add a changelog entry regarding bugfixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:01:33 -05:00
Glenn Strauss de081ce75c Reset dhm_P and dhm_G if config call repeated
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-11 20:07:44 -05:00
Dave Rodgman 0798a827c8 Assemble changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:48:21 +00:00
Ronald Cron 2d2fb47e45 Add change log for #4883
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 11:47:25 +00:00
Dave Rodgman 04e920410d Add missing changelog for ARIA (#5051)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:53:07 +00:00
Dave Rodgman 08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:52:51 +00:00
Gilles Peskine c97cc18fb8
Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28
Backport 2.2x: Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:32 +01:00
Gilles Peskine 384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:44 +01:00
Gilles Peskine d61551c017 Generalize MAC zeroization changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Paul Elliott 7a342a24ff Delete unneccesary changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott 2ab9a7a57a Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Gilles Peskine 2b3f21dc0b Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:02:06 +01:00
Gilles Peskine d8e2e8347b Zeroize local MAC variables
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 14:24:23 +01:00
Gilles Peskine 9e8f3a6b71
Merge pull request #5308 from minosgalanakis/development_2.x
Backport 2.x: Document platform architecture portability constraints
2021-12-10 21:13:09 +01:00
Paul Elliott f294ff5d87 Make changelog more specific
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Paul Elliott fe724fe618 Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Minos Galanakis 5c93a9f214 Update changelog & readme
This patch adds explicit wording to state
that Two's complement is the official
supported signed integer representation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2021-12-10 15:57:54 +00:00
Manuel Pégourié-Gonnard c3319e73db
Merge pull request #5189 from gilles-peskine-arm/struct_reordering_2.x
Backport 2.x: Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:13 +01:00
Manuel Pégourié-Gonnard 9ac32eb123
Merge pull request #863 from davidhorstmann-arm/2.x-fix-session-copy-bug
Backport 2.x: [session] fix a session copy bug
2021-12-09 09:21:33 +01:00
David Horstmann 0add7f96ac Add changelog entry for session copy bugfix
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:29:55 +00:00
Gilles Peskine 582f2398d4
Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
2021-12-07 12:38:04 +01:00
Ronald Cron e7a5e985ae Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:23:27 +01:00
Gilles Peskine ad47e6d160 Add changelog entry for build error fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-06 20:58:51 +01:00
Andrzej Kurek 2c2c1778f7 Add a changelog entry for the ChaCha20 default behavior change
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:32:23 +01:00
Paul Elliott 14148c4fbe Fix Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:30 +00:00
Paul Elliott 954578644f Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:23 +00:00
Gilles Peskine 3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Gilles Peskine 989a4e9388
Merge pull request #5132 from openluopworld/origin/development_2.x
Backport 2.x: Fix GCM calculation with very long IV
2021-11-22 22:22:47 +01:00
Bence Szépkúti 358e0ea464 Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:03:08 +01:00
Gilles Peskine c0656b43f1 Note the reordered fields in SSL structures
This is technically an API break according to the unwritten rules of API
compatibility for Mbed TLS 2.x. However, it is very unlikely to affect any
realistic application, with the possible exception of applications that
define a global constant of type mbedtls_ssl_config.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 19:00:04 +01:00
Gabor Mezei 84d739846c
Update changelog with the new public API
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
gabor-mezei-arm 10117d673e
Add changelog entry
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
Gilles Peskine 95c3971c81
Merge pull request #5133 from haampie/fix/DT_NEEDED_for_shared_libraries-2.x
Backport 2.x: DT_NEEDED for shared builds in makefile
2021-11-05 12:04:33 +01:00
Harmen Stoppels 3ed4263ad7 DT_NEEDED for shared builds in makefile
The makefile build specifies -L. -lmbedx509 -lmbedcrypto flags first,
and only then object files referencing symbols from those libraries.

In this order the linker will not add the linked libraries to the
DT_NEEDED section because they are not referenced yet (at least that
happens for me on ubuntu 20.04 with the default gnu compiler tools).

By first specifying the object files and then the linked libraries, we
do end up with libmbedx509 and libmbedcrypto in the DT_NEEDED sections.

This way running dlopen(...) on libmedtls.so just works.

Note that the CMake build does this by default.

Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-05 09:31:22 +01:00
openluopworld 5d5f520d3a An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <wuhanluop@163.com>
2021-11-05 00:13:43 +08:00
Gilles Peskine 19191039f9 Note the change to PSA_ALG_IS_HASH_AND_SIGN in the changelog
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 13:19:02 +01:00
Mateusz Starzyk 21cac07626 Add changelog entry for new PSA Crypto API macros.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 12:38:57 +01:00
Manuel Pégourié-Gonnard 1f1bc2df7c
Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x
Backport 2.x: PSA: fix salt length for PSS verification
2021-10-29 16:36:46 +02:00
Manuel Pégourié-Gonnard 0c81ba7856
Merge pull request #4944 from gilles-peskine-arm/remove-greentea-2.x
Backport 2.x: Remove on-target testing
2021-10-29 09:33:26 +02:00
Gilles Peskine 44fa40cd56 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:27 +02:00
Gilles Peskine 1222fed513 Fix typo in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine 3f0722c1af Fix the build of sample programs without mbedtls_strerror
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine 327c33fc7f Base64 range-based constant-flow code: changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:22:43 +02:00
Gilles Peskine e4739ab5ef
Merge pull request #5038 from mprse/issue_4551_2x
Backport 2.x: Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
2021-10-18 10:39:26 +02:00
Gilles Peskine 95f2324c5e
Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:04 +02:00
Przemyslaw Stekiel d6ead7ca84 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 16:39:32 +02:00
Przemyslaw Stekiel 479a13d181 Add change-log entry
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 12:40:55 +02:00
Gilles Peskine a4e060b87b
Merge pull request #5000 from mprse/mbedtls_cipher_setup_psa_ECB_2x
Backport 2.x: Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:25 +02:00