Paul Elliott
f294ff5d87
Make changelog more specific
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Paul Elliott
fe724fe618
Fix for pkcs12 with NULL or zero length password
...
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 17:48:12 +00:00
Gilles Peskine
18a59b7d4c
Merge pull request #5306 from gilles-peskine-arm/test-missing-ret-check-202112-2.x
...
Backport 2.x: Missing error checks + test bug on unlikely failure
2021-12-10 17:41:49 +01:00
Minos Galanakis
5c93a9f214
Update changelog & readme
...
This patch adds explicit wording to state
that Two's complement is the official
supported signed integer representation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2021-12-10 15:57:54 +00:00
Gilles Peskine
3fc0d30447
Don't fail until everything is initialized
...
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:45:41 +01:00
Gilles Peskine
3d28378734
Check return values in more places
...
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1 mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1 goto exit;
\1}
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:45:41 +01:00
Gilles Peskine
362d6efbde
Merge pull request #5301 from paul-elliott-arm/test_suite_cipher_returns_2.x
...
Backport 2.x : Add checked return to cipher setup in Cipher tests
2021-12-10 10:40:01 +01:00
Gilles Peskine
4a5396ec25
Merge pull request #5299 from paul-elliott-arm/crypt_and_hash_prog_2.x
...
Backport 2.x: Add checks for return values to md functions in crypt and hash
2021-12-09 23:32:52 +01:00
Gilles Peskine
51377d8a73
Merge pull request #5280 from davidhorstmann-arm/2.x-improve-cmac-docs
...
Backport 2.x: Reword documentation of CMAC operations
2021-12-09 23:28:39 +01:00
Gilles Peskine
c2c1c22dda
Merge pull request #5298 from paul-elliott-arm/ssl_context_info_prog_2.x
...
Backport 2.x: Two fixes for SSL context info sample program
2021-12-09 23:22:54 +01:00
Paul Elliott
68b64cd64c
Add checked return to cipher setup
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 21:37:23 +00:00
Paul Elliott
d068876181
Add checks for return values to md functions
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:51:56 +00:00
Paul Elliott
8f20bab14d
Fix printf format specifier
...
Also mark function as printf variant so compiler will pickup any future
issues.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:35:13 +00:00
Paul Elliott
110afd0e4d
Prevent resource leak
...
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:33:22 +00:00
Ronald Cron
620cbb9bf5
Merge pull request #5262 from xffbai/code-align-backport2.x
...
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
2021-12-09 16:26:24 +01:00
Manuel Pégourié-Gonnard
c3319e73db
Merge pull request #5189 from gilles-peskine-arm/struct_reordering_2.x
...
Backport 2.x: Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:13 +01:00
Manuel Pégourié-Gonnard
218abe081c
Merge pull request #5284 from gabor-mezei-arm/4926_bp2x_base64_move_constant-time_functions
...
[Backport 2.x] Move base64 constant-time functions to the new module
2021-12-09 12:40:24 +01:00
Gabor Mezei
00e08a3a21
Update generated files
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-09 10:05:48 +01:00
Manuel Pégourié-Gonnard
9ac32eb123
Merge pull request #863 from davidhorstmann-arm/2.x-fix-session-copy-bug
...
Backport 2.x: [session] fix a session copy bug
2021-12-09 09:21:33 +01:00
Gabor Mezei
3a755f511f
Add documentation for the functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:24:22 +01:00
Gabor Mezei
46ca2f76c4
Unify function parameters
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:22:45 +01:00
Gabor Mezei
df29332d4b
Make mbedtls_ct_uchar_mask_of_range function static
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:20:39 +01:00
Gabor Mezei
f554ce21b8
Delete base64_invasive.h due to functions are moved to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:20:27 +01:00
Gabor Mezei
3d4dba84b7
Move mbedtls_ct_base64_dec_value function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:20:16 +01:00
Gabor Mezei
200708d30a
Move mbedtls_ct_base64_enc_char function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:20:04 +01:00
Gabor Mezei
46f79c388d
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:19:41 +01:00
Gabor Mezei
7464f37e7b
Rename functions to have suitable name
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:19:23 +01:00
David Horstmann
0add7f96ac
Add changelog entry for session copy bugfix
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-08 13:29:55 +00:00
Manuel Pégourié-Gonnard
9a4a9c66a4
Merge pull request #860 from ronald-cron-arm/fix-cipher-iv_2.x
...
Backport 2.x: Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:11 +01:00
吴敬辉
0f6c6bc0dc
[session] fix a session copy bug
...
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.
Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-12-07 17:27:31 +00:00
David Horstmann
b56f38f57b
Reword documentation of CMAC operations
...
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-07 12:16:33 +00:00
Gilles Peskine
582f2398d4
Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined
...
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
2021-12-07 12:38:04 +01:00
Ronald Cron
e7a5e985ae
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:23:27 +01:00
Gilles Peskine
ad47e6d160
Add changelog entry for build error fixes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-06 20:58:51 +01:00
Gilles Peskine
1e313165f3
Merge pull request #5258 from gilles-peskine-arm/pip-requirements-2.x
...
Backport 2.x: In-tree Python package requirements
2021-12-03 17:25:56 +01:00
Gilles Peskine
5d6de4ebc4
Merge pull request #5254 from adeaarm/development_2.x
...
Backport 2.x: Align function parameter names for mbedtls_set_key_owner_id
2021-12-03 17:24:49 +01:00
Gilles Peskine
4b71e9b96a
Correct default requirements file name in help
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-03 13:32:10 +01:00
Xiaofei Bai
f40545d919
Fix (d)tls1_2 into (d)tls12 in version options
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-03 08:13:30 +00:00
Gilles Peskine
f3564bfe99
Add Cryptodome to maintainer requirements
...
See e.g. https://github.com/ARMmbed/mbedtls/pull/5218
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:19:19 +01:00
Gilles Peskine
3f5f7df75b
Remove accidental requirement on the worktree content
...
This made the build impossible since mbedtls isn't available when building
the container.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:19:19 +01:00
Gilles Peskine
ca07ea0802
Allow passing options to pip
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:19:19 +01:00
Gilles Peskine
c31780f62f
Use a method to invoke pip that works on Windows
...
Passing arguments on the command line apparently didn't work due to quoting
issues. Use a temporary file instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:19:19 +01:00
Gilles Peskine
6d253cc4fc
Travis: use the in-tree Python package requirements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:19:02 +01:00
Gilles Peskine
ce8ccaf55b
Docker: Python requirements are now managed in-tree
...
Neither mbed-host-tests nor mock are currently used.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:58 +01:00
Gilles Peskine
e4d142f1e7
Script to install minimum versions of the requirements
...
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:58 +01:00
Gilles Peskine
12fe74e360
Declare which Python packages we use
...
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.
This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:20 +01:00
Andrzej Kurek
2c2c1778f7
Add a changelog entry for the ChaCha20 default behavior change
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:32:23 +01:00
Andrzej Kurek
e6728203d2
Add a missing test case to ChaCha20 tests - decrypt empty buffer
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:32:15 +01:00
Andrzej Kurek
d353043380
Return an error for IV lengths other than 12 with ChaCha20+Poly1305
...
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:31:58 +01:00
Andrzej Kurek
5375fd9a3f
Return an error for IV lengths other than 12 with ChaCha20
...
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:29:49 +01:00