lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity
18,895 Commits 174 Branches 272 Tags
ae59c5232274df36b1b58dd52eb74cb153829a1a
Commit Graph

18895 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
e0be6bfafa Merge pull request #8324 from tom-daubney-arm/fix_mbedtls_styling_docs_228 
Backport 2.28: Correct styling of Mbed TLS in documentation
 2023-10-06 20:07:40 +00:00
Thomas Daubney
0814a22490 Correct styling of Mbed TLS in documentation 
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-10-06 17:37:01 +01:00
Dave Rodgman
360320a660 Merge pull request #8293 from daverodgman/check-changelog-exts-2.28 
2.28 backport - Check changelog extensions
 2023-10-05 17:22:45 +00:00
minosgalanakis
064e732640 Merge pull request #1102 from Mbed-TLS/mbedtls-2.28.5_mergeback 
Mbedtls 2.28.5 mergeback
 2023-10-05 17:33:08 +01:00
Paul Elliott
36a4ea5c01 Merge pull request #8302 from davidhorstmann-arm/cmake-fix-3rdparty-custom-config-2.28 
[Backport 2.28] CMake: fix build with 3rdparty module enabled through a custom config
 2023-10-04 22:59:43 +00:00
minosgalanakis
47e8cc9db2 Merge pull request #1092 from Mbed-TLS/mbedtls-2.28.5rc0-pr 
Mbedtls 2.28.5rc0 pr
v2.28.5 mbedtls-2.28.5 		2023-10-04 23:11:08 +01:00
Minos Galanakis
e18540886c Updated BRANCHES.md 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-04 21:05:17 +01:00
Gilles Peskine
66a868b6af CMake: fix build with 3rdparty module enabled through a custom config 
Fixes #8165

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-04 15:11:10 +02:00
Minos Galanakis
468d6e8e0e ChangeLog: Set release date 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:28:07 +01:00
Minos Galanakis
7de3eed636 Prepare ChangeLog for 2.28.5 release 
```
./scripts/assemble_changelog.py
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:26:03 +01:00
Minos Galanakis
c7a8ea998d Bump version to 2.28.5 
```
./scripts/bump_version.sh --version 2.28.5
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:24:04 +01:00
Minos Galanakis
6d169947e9 Merge branch 'mbedtls-2.28-restricted' into mbedtls-2.28.5rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:22:36 +01:00
Dave Rodgman
3c6b7c8efc Move check into list_files_to_merge 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-02 17:20:08 +01:00
Dave Rodgman
68cb9359a6 Check for incorrect changelog extensions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-02 17:03:47 +01:00
Dave Rodgman
da635ab657 Merge pull request #8280 from gilles-peskine-arm/ssl_cache-negative_errors-2.28 
Backport 2.28: ssl_cache: misc improvements
 2023-09-29 17:58:10 +00:00
Dave Rodgman
8c28032537 Merge pull request #8279 from gilles-peskine-arm/mbedtls_ecdsa_can_do 
Backport 2.28: Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
 2023-09-29 13:11:43 +00:00
Gilles Peskine
5856fd32dd Changelog entry for mbedtls_ssl_cache error code fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:42:47 +02:00
Gilles Peskine
fe4d93ad4d ssl_cache: return error codes on error 
mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() returned 1 on many error
conditions. Change this to returning a negative MBEDTLS_ERR_xxx error code.

Completeness: after this commit, there are no longer any occurrences of
`return 1` or `ret = 1`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:40:33 +02:00
Gilles Peskine
917dd8bd81 Add new error code for SSL cache entry not found 
There was no good error to return in this case.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-29 13:39:49 +02:00
JonathanWitthoeft
3ead877b68 Adjust ChangeLog 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:49 +02:00
JonathanWitthoeft
930679a1d7 Make mbedtls_ecdsa_can_do definition unconditional 
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:48 +02:00
JonathanWitthoeft
bfb0b39460 Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT 
When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
 2023-09-29 13:31:47 +02:00
Dave Rodgman
ba1d63e36f Merge pull request #1085 from daverodgman/update-ct-changelog-2.28 
Backport 2.28: Update padding const-time fix changelog
 2023-09-28 11:34:03 +01:00
Dave Rodgman
0ea272d110 Update padding const-time fix changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-27 16:31:33 +01:00
Dave Rodgman
dce82cd914 Merge pull request #8254 from paul-elliott-arm/fix_travis_coverity_build_2_28 
[Backport 2.28] Re-add python install of requirements to Travis CI.
 2023-09-26 16:56:17 +00:00
Dave Rodgman
7a8ec0f56c Merge pull request #8209 from lpy4105/issue/8168/2.28_fix-aesni-selection 
2.28: Fix AESNI selection
 2023-09-26 16:55:28 +00:00
Paul Elliott
13481f0439 Re-add python install of requirements to Travis CI. 
Also correct 'distro to 'dist' and update ubuntu to jammy and python
to 3.10 to hopefully fend off future issues. Too much got removed
when disabling travis and the Coverity scan build was failing on 'make
generated-files', due to lack of installed python dependencies

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-26 16:04:44 +01:00
Pengyu Lv
8068b0835b Fix comment 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-26 09:27:04 +08:00
Gilles Peskine
9fe480a5f6 Merge pull request #1081 from waleed-elmelegy-arm/backport_check-set_padding-is-called 
Backport 2.28: Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:41 +02:00
Waleed Elmelegy
916ed7b8db restore internal comment in cipher.h due to LTS 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-25 15:18:48 +01:00
Waleed Elmelegy
8ce42ebd87 Remove invalid comments from cipher.h 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-25 14:21:49 +01:00
Manuel Pégourié-Gonnard
e4138e3279 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:13:24 +01:00
Manuel Pégourié-Gonnard
8013e685f5 Clarify calling sequence in the Cipher layer 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:12:08 +01:00
Manuel Pégourié-Gonnard
3697954ac6 Fix inconsistent documentation of cipher_setup() 
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 14:10:49 +01:00
Dave Rodgman
fb6f2cc9d7 Merge pull request #1082 from daverodgman/padding-ct-changelog-2.28 
Backport 2.28: Add Changelog for CT fixes
 2023-09-25 14:02:16 +01:00
Dave Rodgman
0ab94d1239 Merge pull request #1077 from daverodgman/better-ct-2.28 
2.28 backport - Use CT module more consistently
 2023-09-25 11:50:16 +01:00
Dave Rodgman
e8358d400f Add Changelog for CT fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-25 11:34:35 +01:00
Gilles Peskine
b53e630d8a Merge pull request #8245 from paul-elliott-arm/remove_travis_ci_2.28 
[Backport 2.28] Remove all travis builds except for coverity_scan
 2023-09-24 19:59:13 +02:00
Paul Elliott
471425def2 Remove all travis builds except for coverity_scan 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-22 17:58:57 +01:00
Waleed Elmelegy
08fd33a875 Add warning to mbedtls_cipher_setup() about setting padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-22 14:45:25 +01:00
Gilles Peskine
f8fc956714 Merge pull request #1072 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer-2.28 
Backport 2.28: Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:01 +02:00
Gilles Peskine
326ba3c0bb mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher 
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Gilles Peskine
dc48f6ed27 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a stream cipher (RC4 or null). Test the
good case (to make sure the test code constructs the input correctly), test
with an invalid MAC, and test with a shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:25:05 +02:00
Gilles Peskine
2198cc5273 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:38 +02:00
Gilles Peskine
027e1b4b3d Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:38 +02:00
Gilles Peskine
9013b818c6 Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-21 18:24:36 +02:00
Pengyu Lv
20384f416e Fix the comments of some guards 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-21 10:14:16 +08:00
Dave Rodgman
6063d82f04 Correct macro guards in constant_time_internal.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 21:54:15 +01:00
Dave Rodgman
5ea6bb06a7 Add cast for MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 20:14:15 +01:00
Dave Rodgman
caa942569f Improve return value handling 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:26:08 +01:00