Gilles Peskine
0d27366520
Merge pull request #4448 from stevew817/backport_allow_cmac_alt_without_3des
...
[Backport 2.x] Allow CMAC_ALT implementations to not support 3DES
2021-04-30 12:45:25 +02:00
Gilles Peskine
222921830a
Merge pull request #4438 from gilles-peskine-arm/aes2crypt-removal-2.x
...
Backport 2.x: Remove the sample program aescrypt2
2021-04-30 11:15:25 +02:00
Steven Cooreman
91e2bab7fb
Add documentation for change in CMAC self-test behaviour
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-30 10:09:52 +02:00
Gilles Peskine
4ad0967125
Merge pull request #4430 from gilles-peskine-arm/dhm_min_bitlen-bits
...
Backport 2.x: Enforce dhm_min_bitlen exactly
2021-04-29 14:55:36 +02:00
Gilles Peskine
e0427c777f
Merge pull request #4434 from chris-jones-arm/development
...
Backport 2.x: Add macro to check error code additions/combinations
2021-04-28 16:47:26 +02:00
Gilles Peskine
98b3cd6b23
Remove the sample program aescrypt2
...
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.
Fix #1906
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-28 15:57:30 +02:00
Ronald Cron
931d91e307
Merge pull request #4243 from bensze01/psa_vararg
...
PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 08:36:06 +02:00
Dave Rodgman
46266670e9
Improve changelog entry for #4217
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-27 17:08:26 +01:00
Steven Cooreman
7f7f6b8ba9
Add changelog entry for #4217
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-27 17:08:26 +01:00
Bence Szépkúti
58d8518eb1
Update changelog
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-27 04:41:43 +02:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys
...
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
2021-04-23 09:40:31 +02:00
Manuel Pégourié-Gonnard
0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix
...
Fix ECDSA failing when the hash is all-bits-zero
2021-04-19 09:54:12 +02:00
Bence Szépkúti
8072db2fcb
Add changelog
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Steven Cooreman
5be864f645
Add changelog for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Manuel Pégourié-Gonnard
247745ffc4
Revert "Changelog added"
...
This reverts commit 0961e3db49
2021-04-15 12:27:04 +02:00
Chris Jones
fdb588b3a7
Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der
...
An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.
Apply the same fix from ae3741e8a
2021-04-15 11:19:56 +01:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
...
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
TRodziewicz
0961e3db49
Changelog added
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 17:19:43 +02:00
Gilles Peskine
8f28c24b4a
Explain the problem in more concrete terms
...
Don't try to make the reader guess what a “negative zero” might mean.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 20:20:26 +02:00
Gilles Peskine
fd4fab0b24
mbedtls_mpi_read_string("-0") no longer produces a "negative zero"
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 17:13:15 +02:00
TRodziewicz
40de3c99c0
Fix Changelog, add separate test functions for hash of all-zero bits
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:16:18 +02:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
...
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
TRodziewicz
5feb6702dd
Fix the Changelog and extend tests to cover the hash of all-bits zero
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-06 19:56:42 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
...
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Ronald Cron
602f986511
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:55:04 +02:00
Gilles Peskine
e8a2fc8461
Enforce dhm_min_bitlen exactly, not just the byte size
...
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:20:03 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
...
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Maulik Patel
f41be14269
Add Change log entry for bug fix.
...
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-04-01 10:01:32 +01:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
...
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
TRodziewicz
782a7eab14
ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-03-17 11:36:31 +01:00
Ryan LaPointe
59244e87e1
Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
...
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:08 -04:00
Dave Rodgman
e483a77c85
Merge pull request #816 from ARMmbed/development
...
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Paul Elliott
9907e2c334
Improve wording of ChangeLog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:14:10 +00:00
Paul Elliott
3949065aef
Fix incorrect case in changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
6f21e11265
Add Changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
paul-elliott-arm
0135516d55
Merge pull request #4203 from paul-elliott-arm/memsan_fix_build
...
Fix memsan build with Clang 11
2021-03-09 16:31:31 +00:00
Dave Rodgman
74755e484c
Update Changelog for 2.26.0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:35:44 +00:00
Dave Rodgman
b4fe1053e4
Add missing changelog entry
...
Add missing changelog entry for 3698: Mark basic constraints critical
as appropriate.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:34:24 +00:00
Dave Rodgman
2d83ac100d
Add a missing changelog entry
...
Add a missing changelog entry for #3996 : Allow loading external wrapped
keys.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-08 18:34:16 +00:00
Dave Rodgman
5cce6a24d0
Merge branch 'development-restricted' into mbedtls-2.26.0-rc
2021-03-08 17:01:24 +00:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
...
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Paul Elliott
fb91a48616
Fix memsan build with clang 11
...
Memsan build was reporting a false positive use of uninitialised memory
in x509_crt.c on a struct filled by an _stat function call. According to
the man pages, the element reported has to be filled in by the call, so
to be safe, and keep memsan happy, zero the struct first.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-05 14:24:03 +00:00
TRodziewicz
9edff740e1
Fix EC J-PAKE failing when the payload is all-bits-zero
...
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met.
Fix #1792
Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
2021-03-04 18:19:48 +01:00
Paul Elliott
a5dce14291
Fixup changelog formatting
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:24:57 +00:00
Steven Cooreman
7de9e2db1f
Language / verbiage fixes
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c
Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b
rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4
Style and language updates after review
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce
Add support for minimum-tag-length AEAD and MAC policies
...
Includes tests.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine
ddf4374879
Fix stack buffer overflow in net functions with large file descriptor
...
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.
Fix #4169
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
