ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-16 12:31:18 +08:00
Code Issues Releases Wiki Activity
32,061 Commits 173 Branches 272 Tags
Commit Graph

32061 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Minos Galanakis
caaffc1e7e Built-in lms/lmots driver: Harden public key import against enum truncation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-04 15:54:46 +01:00
Minos Galanakis
548e2dbf65 Built-in lms driver: Added input guard 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-06-04 15:20:38 +01:00
Manuel Pégourié-Gonnard
d9c141749b
Merge pull request #1345 from davidhorstmann-arm/pkcs7-side-channel-missing-credit-3.6 
Add credit to the reporters of the PKCS7 issue
 2025-05-28 11:49:35 +02:00
Manuel Pégourié-Gonnard
1e9267c993
Merge pull request #1340 from mpg/fix-string-to-names-uaf-3.6 
[3.6] Fix string to names memory management
 2025-05-21 14:48:43 +02:00
Manuel Pégourié-Gonnard
8ac3eb9833 Avoid a useless copy in cert_{req,write} 
I'm just trying to have a shorter name to avoid repeating a long
expression. This is a job for a pointer, not copying a struct.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-21 11:17:39 +02:00
Manuel Pégourié-Gonnard
8429619a92 Fix type in ChangeLog 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-19 12:29:11 +02:00
Manuel Pégourié-Gonnard
8a6fc08607 Add comment on apparent type mismatch 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-19 12:28:42 +02:00
Manuel Pégourié-Gonnard
35f2220e37 Remove redundant free loop 
This version is incomplete. I failed to noticed it when adding a more
complete version, making the existing one redundant.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-19 12:21:32 +02:00
David Horstmann
ddbf8d030a Add credit to the reporters of the PKCS7 issue 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-05-14 15:45:00 +01:00
Manuel Pégourié-Gonnard
219c3368eb
Merge pull request #1306 from davidhorstmann-arm/pkcs7-padding-side-channel-fix-3.6 
[Backport 3.6] Fix side channel in PKCS7 padding
 2025-05-06 09:34:40 +02:00
Manuel Pégourié-Gonnard
f9ac5e7728 Add unit test for new behaviour of string_to_names() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 18:25:26 +02:00
Manuel Pégourié-Gonnard
0803df29fc Fix memory leak in cert_write & cert_req 
That memory leak had been present ever since the san command-line
argument has been added.

Tested that the following invocation is now fully valgrind clean:

programs/x509/cert_write san=DN:C=NL,CN=#0000,CN=foo;DN:CN=#0000,O=foo,OU=bar,C=UK;IP:1.2.3.4;IP:4.3.2.1;URI:http\\://example.org/;URI:foo;DNS:foo.example.org;DNS:bar.example.org

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 17:45:43 +02:00
Manuel Pégourié-Gonnard
4dd52b7cfe Fix runtime error in cert_write & cert_req 
The runtime error was introduced two commits ago (while avoiding a
use-after-free). Now the programs run cleanly but still leak memory.

The memory leak is long pre-existing and larger than just DN components
(which are made temporarily slightly worse by this commit) and will be
fixed properly in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 17:16:15 +02:00
Manuel Pégourié-Gonnard
acdcb7fcd1 Restore behaviour of mbedtls_x509write_set_foo_name() 
The documentation doesn't say you can't call these functions more than
once on the same context, and if you do it shouldn't result in a memory
leak. Historically, the call to mbedtls_asn1_free_named_data_list() in
mbedtls_x509_string_to_names() (that was removed in the previous commit)
was ensuring that. Let's restore it where it makes sense. (These are the
only 3 places calling mbedtls_x509_string_to_names() in the library.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 16:49:45 +02:00
Manuel Pégourié-Gonnard
19d2c9165a Fix undocumented free() in x509_string_to_names() 
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer
crashing with use-after-free, instead it's now failing cleanly:

 failed
  !  mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid

That's better of course but still not great, will be fixed by future
commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-05-05 16:44:18 +02:00
David Horstmann
3bd433d38a
Merge pull request #10150 from gilles-peskine-arm/pylint-check-str-concat-3.6 
Backport 3.6: Pylint: Complain about a missing comma in multiline lists of strings
 2025-04-28 16:53:39 +00:00
Gilles Peskine
ae18357880
Merge pull request #10138 from XavierChapron/xch/constify-mbedtls_cipher_base_lookup_table-3.6 
Constify cipher_wrap:mbedtls_cipher_base_lookup_table
 2025-04-24 17:49:03 +00:00
Gilles Peskine
cc4649dd7f Complain about a missing comma in multiline lists of strings 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-24 19:37:58 +02:00
Gilles Peskine
0dd76e0470 Prepare framework for pylint check-str-concat-over-line-jumps 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-24 19:37:41 +02:00
Gilles Peskine
84442115ff
Merge pull request #10137 from gilles-peskine-arm/test_suite_ssl-fix-ret-20250408-3.6 
Backport 3.6: Fix uncaught failure conditions in test_suite_ssl
 2025-04-23 16:42:17 +00:00
Gilles Peskine
74383ab137
Merge pull request #10132 from valeriosetti/issue157-3.6 
[3.6] Make demo_common.sh usable on its own
 2025-04-18 11:11:11 +00:00
Valerio Setti
309ca525ac framework: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-04-18 10:31:28 +02:00
Xavier Chapron
afedef5eea Constify cipher_wrap:mbedtls_cipher_base_lookup_table 
This structure is initialized during the compilation and there is no
reason it changes.
Making it const allows the compiler to put it in .rodata section instead
of .data one.

Signed-off-by: Xavier Chapron <chapron.xavier@gmail.com>
 2025-04-18 09:24:36 +02:00
David Horstmann
e08edcc494
Merge pull request #9469 from mfil/feature/backport36_implement_tls_exporter 
[Backport 3.6] Implement TLS-Exporter
 2025-04-17 14:47:20 +00:00
Gilles Peskine
0e6032dd94 Fix some test helper functions returning 0 on some failures 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-17 10:35:04 +02:00
Gilles Peskine
1ff12810e5 Check the status of mbedtls_ssl_set_hostname() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-17 10:35:03 +02:00
Max Fillinger
1b0e2e903b Add missing ifdef for mbedtls_ssl_tls13_exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 14:35:24 +02:00
Max Fillinger
40c202461f Add label_len argument to non-PSA tls_prf_generic 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
820e5cc29b Fix dependencies for TLS-Exporter tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
0b65a91eea Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT 
Error was introduced while resolving a merge conflict.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
5122dc6219 Fix mistake in previous comment change 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
7833b18008 Fix HkdfLabel comment 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
529931a34a Allow maximum label length in Hkdf-Expand-Label 
Previously, the length of the label was limited to the maximal length
that would be used in the TLS 1.3 key schedule. With the keying material
exporter, labels of up to 249 bytes may be used.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
6a64f0f171 Exporter: Add min. and max. label tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
76bb753054 Fix max. label length in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
97a287953f Document BAD_INPUT_DATA error in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
c361064dee Fix requirements for TLS 1.3 Exporter compat test 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
6f7cf0e402 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
2310c1970b Add fixed compatibility test for TLS 1.3 Exporter 
When testing TLS 1.3, use O_NEXT_CLI.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
e009158d71 Remove exporter compatibility test for TLS 1.3 
The openssl version in the docker image doesn't support TLS 1.3, so we
can't run the test.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
0faf5d19a7 Fix openssl s_client invocation 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
d22493f86b Print names of new tests properly 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
a442aea2be Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
9c3a7ba6da ssl-opt.sh: Add tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
c8f936e746 mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:24:49 +02:00
Max Fillinger
ede294ea42 Exporter tests: Don't use unavailbable constant 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
2c2a6ac64c Exporter tests: Add missing depends-ons 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:47 +02:00
Max Fillinger
8ee21410f1 Use one maximum key_len for all exported keys 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:23:42 +02:00
Max Fillinger
fb7e578689 Exporter tests: Reduce key size in long key tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:23:42 +02:00
Max Fillinger
20e4ac8b3e Exporter tests: Free endpoints before PSA_DONE() 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:23:42 +02:00