Reword ChangeLog entry for shared memory work

Specifically:
* Clarify that passing shared buffers is now secure by default (not
  newly supported)
* Remove spurious hyphen
* Clarify that we do not guarantee copying, but rather guarantee
  protection, allowing us to implement this differently in future if
  required.
* Mention both protection of inputs from modification and outputs from
  exposure of intermediate results.
* Invert the config option, from an enable-option to a disable-option.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
David Horstmann 2024-03-12 16:47:46 +00:00
parent 5fb5cce066
commit 1d3276da65


@ -1,8 +1,10 @@
Security Security
* Support calling PSA functions with buffer arguments that are in memory * Passing buffers that are stored in untrusted memory as arguments
shared with an untrusted party. The PSA core now makes copies of all to PSA functions is now secure by default.
buffers before passing them to drivers to protect drivers against The PSA core now protects against modification of inputs or exposure
modification of buffers during operations. of intermediate outputs during operations. This is currently implemented
This feature increases code-size and memory usage. If buffers passed to by copying buffers.
PSA functions are all trusted, buffer copying may be disabled by This feature increases code size and memory usage. If buffers passed to
unsetting MBEDTLS_PSA_COPY_CALLER_BUFFERS. PSA functions are owned exclusively by the PSA core for the duration of
the function call, copying may be disabled by setting
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
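Review bot: the closing sentence of the new entry ("If buffers passed to PSA functions are owned exclusively by the PSA core for the duration of the function call, copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS") states the precondition but not the consequence of getting it wrong; since setting the option removes the protection the entry describes two lines earlier, consider adding that enabling it when another party can read or write the buffers during the call reintroduces the input-modification and intermediate-output-exposure risks this entry says are now handled. Related, the new first sentence's "stored in untrusted memory" is broader than the removed wording "in memory shared with an untrusted party"; the protection described is against concurrent access by another party while the call is in progress, which the commit message itself calls "shared buffers", so keeping "shared with an untrusted party" would name the threat more precisely than "untrusted memory".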