mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-11 02:02:32 +03:00
Commit Graph

18950 Commits

Author SHA1 Message Date
minosgalanakis
6a58fa8122 Merge pull request #1331 from Mbed-TLS/mbedtls-2.28.10_mergeback
Mbedtls 2.28.10 mergeback
2025-03-24 16:48:56 +00:00
minosgalanakis
2fc8413bfc Merge pull request #1329 from Mbed-TLS/mbedtls-2.28.10rc0-pr
Mbedtls 2.28.10rc0 pr
v2.28.10 mbedtls-2.28.10
2025-03-20 23:13:48 +00:00
Minos Galanakis
71a228202c Update BRANCHES.md
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-03-19 20:20:22 +00:00
Minos Galanakis
78a2a31a72 Finalise ChangeLog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-03-18 17:23:31 +00:00
Minos Galanakis
92e298ed2a Version Bump for 2.28.10
./scripts/bump_version.sh --version 2.28.10

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-03-18 17:17:34 +00:00
Minos Galanakis
1b94fc6344 Assemble Changelog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-03-18 16:51:19 +00:00
Minos Galanakis
43bb98f55b Changelog: Added CVE.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-03-18 16:44:06 +00:00
Manuel Pégourié-Gonnard
70407cbdce Merge pull request #1325 from Mbed-TLS/pre-2.28.9-upstream-merge
Merge upstream/mbedtls2.28 into mbedtls2.28-restricted
2025-03-17 09:31:11 +01:00
Minos Galanakis
d69bfb904d Merge remote-tracking branch 'upstream/mbedtls-2.28' into pre-2.28.9-upstream-merge
2025-03-14 14:26:47 +00:00
Gilles Peskine
73cbd3104c Merge pull request #10059 from gilles-peskine-arm/mbedtls_net_send-api-desc-tweak-2.28
Backport 2.28: mbedtls_net_send API description typo fix
2025-03-13 16:57:35 +00:00
Gilles Peskine
ef96fc616e Merge pull request #10053 from gilles-peskine-arm/doc-threading-needed-by-psa-2.28
Backport 2.28: Document PSA's need for threading
2025-03-13 15:42:52 +00:00
Bence Szépkúti
85cb1f5fad Merge pull request #10044 from Mbed-TLS/msvc-format-size-macros-2.28
[Backport 2.28] Fix preprocessor guards for C99 format size specifiers
2025-03-13 10:09:18 +00:00
Noah Pendleton
1567199c89 mbedtls_net_send API description typo fix
Signed-off-by: Noah Pendleton <noah.pendleton@gmail.com>
2025-03-13 10:32:46 +01:00
Gilles Peskine
23981ad57f Merge pull request #10026 from waleed-elmelegy-arm/mbedtls-2.28-fix-key-deriv-bad-state-error
Backport 2.28: Fix psa_key_derivation_input_bytes() not detecting bad state
2025-03-13 09:31:07 +00:00
Bence Szépkúti
cb094f9192 Use an array of strings instead of pointer smuggling
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-12 19:16:47 +01:00
David Horstmann
6070470dfd Merge pull request #1321 from davidhorstmann-arm/calc-finished-check-return-2.28
[Backport 2.28] TLS1.2: Check for failures in Finished calculation
2025-03-12 17:35:48 +00:00
Bence Szépkúti
cfadd96a9b Clarify changelog
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.

Clarify the affected CRT headers.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-12 17:32:23 +01:00
David Horstmann
226daac168 Declare conversion function even without 1.2
In 2.28 we may only enable TLS 1.0 or 1.1 in which case this function is
still needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-12 13:58:01 +00:00
David Horstmann
09072663a7 Convert PSA errors to Mbed TLS MD errors
Factor out a static function to perform error conversion and use it for
the calc_verify() functions along with the place where it is currently
used.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-12 12:03:13 +00:00
David Horstmann
2b85729d23 Add checking to missed case of calc_finished()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-11 18:13:02 +00:00
Gilles Peskine
a0b25120db Merge pull request #1317 from gilles-peskine-arm/zeroize-psa-202503-2.28
Backport 2.28: Zeroize PSA temporary heap buffers
2025-03-11 17:38:36 +01:00
David Horstmann
78302e263c Add MBEDTLS_CHECK_RETURN_CRITICAL annotation
Ensure that the compiler will warn us if we do not check the
return of calc_verify in future.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-11 16:01:51 +00:00
David Horstmann
b81920dc8f Add changelog entry for TLS 1.2 Finished fix
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-11 15:54:09 +00:00
Gilles Peskine
012ebb01f9 Document PSA's need for threading
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-11 15:04:05 +01:00
Waleed Elmelegy
254cadac70 Replace zero by PSA_ALG_NONE in key derivation internal functions
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-11 12:27:34 +00:00
David Horstmann
68014b2b80 Return and propagate errors in calc_finished()
Allow calc_finished to return an error code and propagate that back to
the original function. If an error is returned by a PSA function,
propagate it upwards instead of continuing, so that we do not fail to
properly check the finished message.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-03-10 14:29:11 +00:00
Bence Szépkúti
af07ab897c Fix comments
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-08 01:02:37 +01:00
Bence Szépkúti
ded35000b0 Update changelog to call out MinGW
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-08 00:40:47 +01:00
Bence Szépkúti
b4f25121cc Never use %zu on MinGW
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-08 00:23:37 +01:00
Bence Szépkúti
85167e041c Remove Everest VS2010 compatibility headers
These headers were necessary for compatibility with Visual Studio 2010,
and interfere with the system headers on Visual Studio 2013+, e.g. when
building Mbed TLS using the .sln file shipped with the project.

Move the still-required definition of "inline" to callconv.h, where the
definition for GCC also lives.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-08 00:23:37 +01:00
Bence Szépkúti
e7ee902e09 Fix MSVC version guard for C99 format size specifiers
Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it
on 2015 and above (_MSC_VER >= 1900).

%ldd works on Visual Studio 2013, but this patch keeps the two macro
definitions together, for simplicity's sake.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-08 00:23:37 +01:00
Bence Szépkúti
5d554667c4 Disable fatal assertions in Windows printf tests
The Windows CRT treats any invalid format specifiers passed to the CRT
as fatal assertion failures. Disable this behaviour temporarily while
testing if the format specifiers we use are supported.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-08 00:23:35 +01:00
Bence Szépkúti
94b0eea23f Test handling of format macros defined in debug.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-07 17:59:00 +01:00
Bence Szépkúti
27da54de49 Run test_suite_debug without MBEDTLS_SSL_TLS_C
Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the
individual test cases.

Add a preprocessor guard around string_debug to prevent warning about unused
functions.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-03-07 17:58:58 +01:00
Gilles Peskine
466ebe8ced Zeroize temporary heap buffers used in PSA operations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-06 22:43:23 +01:00
David Horstmann
c43a9d5576 Merge pull request #1313 from gilles-peskine-arm/ssl-hostname-unset-magic-pointer-2.28
Backport 2.28: require setting the hostname for verification
2025-03-05 17:59:19 +00:00
Waleed Elmelegy
e014887ea5 Fix code style for key derivation input function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-03 15:01:38 +00:00
Waleed Elmelegy
3dee9a92e4 Replace zero by PSA_ALG_NONE in key derivation test function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-03 13:13:17 +00:00
Waleed Elmelegy
76bafb6a33 Replace zero by PSA_ALG_NONE in key derivation testing
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-03 13:12:36 +00:00
Waleed Elmelegy
fd01e44cbe Simplify testing psa_key_derivation_input_*() bad state
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-03 13:11:26 +00:00
Waleed Elmelegy
c8c89eda5d Fix psa_key_derivation_input_integer() not detecting bad state
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2025-03-03 13:04:12 +00:00
Gilles Peskine
2cc9dcbbcc Document the need to call mbedtls_ssl_set_hostname
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:55 +01:00
Gilles Peskine
538553fa7b Improve documentation of mbedtls_ssl_set_hostname
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:55 +01:00
Gilles Peskine
6310e98fa5 Expose mbedtls_ssl_get_hostname_pointer()
In 2.28, the `hostname` field of `mbedtls_ssl_context` is part of the public
API. We've slightly changed its meaning in order to fix a security issue.
Document the new function mbedtls_ssl_get_hostname_pointer() which
returns what used to be the value of this field.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:55 +01:00
Gilles Peskine
7d193acf01 Expand and rectify the documentation of mbedtls_ssl_context::hostname
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:55 +01:00
Gilles Peskine
8f964d4677 Changelog entries for requiring mbedtls_ssl_set_hostname() in TLS clients
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:55 +01:00
Gilles Peskine
1ecf2c7d57 Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:55 +01:00
Gilles Peskine
1309493225 Run part of ssl-opt.sh in full_no_deprecated
In particular, run the test case
"Authentication: hostname unset, client required, secure config, CA callback"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-25 18:47:24 +01:00
Gilles Peskine
f086b8f0f1 mbedtls_ssl_set_hostname tests: add tests with CA callback
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:04:29 +01:00
Gilles Peskine
18b52ce40c Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-02-24 18:04:29 +01:00