mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-14 09:41:12 +00:00

Author	SHA1	Message	Date
Gabor Mezei	0b04116cc8	Do not copy the content to the local output buffer with allocation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 10:08:16 +00:00
Gabor Mezei	f1dd0253ec	Remove write check in driver wrappers tests This check is intended to ensure that we do not write intermediate results to the shared output buffer. This check will be made obselete by generic memory-poisoning-based testing for all functions. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:18:21 +00:00
Gabor Mezei	358eb218ab	Fix buffer protection handling for `cipher_generate_iv` Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing local variable. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:19 +00:00
Gabor Mezei	b74ac66c8b	Update test wrapper functions for ciper buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	7abf8ee51b	Add buffer protection for `cipher_generate_iv` and `cipher_set_iv` Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	8b8e485961	Move local buffer allocation just before usage Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	4892d75e9b	Add `LOCAL_OUTPUT_ALLOC_WITH_COPY` macro if buffer protection is disabled Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	c25fbd2cc1	Fix ASAN error for `psa_cipher_update` The ASAN gives an error for `psa_cipher_update` when the `input_length` is 0 and the `input` buffer is `NULL`. The root cause of this issue is `mbedtls_cipher_update` always need a valid pointer for the input buffer even if the length is 0. This fix avoids the `mbedtls_cipher_update` to be called if the input buffer length is 0. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	b8f97a1f3f	Add test wrapper functions for cipher buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	212eb08884	Add buffer protection for cipher functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:15:49 +00:00
David Horstmann	1ff95e61d7	Merge pull request #1149 from tom-daubney-arm/mac_buffer_protection Implement safe buffer copying in MAC API	2024-02-26 19:06:42 +00:00
Thomas Daubney	4a46d73bb0	Suppress pylint Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-26 13:49:26 +00:00
tom-daubney-arm	5cd611d144	Merge branch 'development-restricted' into mac_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-02-22 15:26:06 +00:00
David Horstmann	cf3457ef26	Merge pull request #1132 from davidhorstmann-arm/copying-aead Copy buffers in AEAD	2024-02-20 16:07:30 +00:00
David Horstmann	b539126670	Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection Add buffer copying to the Key Derivation API	2024-02-15 11:54:20 +00:00
David Horstmann	2e7db3c0dd	Merge pull request #1142 from tom-daubney-arm/hash_buffer_protection Add secure buffer copying to PSA Hash API	2024-02-13 18:17:52 +00:00
Thomas Daubney	03f1ea3624	Change condition on wiping tag buffer Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	1ffc5cb4a5	Modify allocation and buffer wiping in sign_finish Allocate immediately after declaration and only wipe tag buffer if allocation didn't fail. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	7480a74cba	Fix code style Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	c6705c6cb2	Conditionally include exit label ... on MAC functions where the label was only added due to the modifications required by this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	a1cf1010cc	Generate test wrappers for mac functions Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:35 +00:00
Thomas Daubney	8db8d1a83e	Implement safe buffer copying in MAC API Use buffer local copy macros to implement safe copy mechanism in MAC API. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:02 +00:00
Thomas Daubney	d2411565ce	Fix code style Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:43:07 +00:00
Thomas Daubney	dedd1006b6	Conditionally include exit label ...on hash functions where the label was only added due to the modifications required by this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:43:07 +00:00
Thomas Daubney	45c8586a91	Generate test wrappers for hash functions Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:43:03 +00:00
Thomas Daubney	51ffac9f40	Implement buffer copy code in psa_hash_compare Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:34:02 +00:00
Thomas Daubney	31d8c0bdb4	Make new internal function static Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:34:02 +00:00
Thomas Daubney	1c5118e58c	Implement safe buffer copying in hash API Use local copy buffer macros to implement safe copy mechanism in hash API. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:34:02 +00:00
Janos Follath	ad736991bb	Merge pull request #1177 from ronald-cron-arm/tls-max-version-reset Reset properly the TLS maximum negotiable version	2024-02-09 16:04:59 +00:00
Ryan Everett	ee5920a7d5	Fix error path in `psa_key_derivation_output_bytes` Co-authored-by: David Horstmann <david.horstmann@arm.com> Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-09 15:09:28 +00:00
Ronald Cron	c522255e33	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-09 08:26:58 +01:00
Ronald Cron	90abb224f7	ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session Add a test where first we establish a TLS 1.3 session, then a TLS 1.2 one with the same server. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-08 12:12:58 +01:00
Ronald Cron	587cfe65ca	ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection Add a test where first we establish a TLS 1.2 session, then a TLS 1.3 one with the same server. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-08 12:09:42 +01:00
Ronald Cron	195c0bc24e	tls: Reset TLS maximum negotiable version When reseting an SSL context with mbedtls_ssl_session_reset() reset the TLS maximum negotiable version as configured. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-08 11:54:55 +01:00
Ryan Everett	eb8c665a53	Reformat wrapper generation code Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	5d2e82f0ce	Guard memcpy so that it won't fail on null input pointer Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	b41c3c9582	Guard the exit to stop unused label warning Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	0f54727bf4	Restructure wrapper script Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	198a4d98d5	Generate test wrappers for key derivation Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	da9227de7c	Fix psa_key_derivation_output_bytes Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	f943e22bb9	Protect key_derivation_output_bytes If the alloc fails I belive it is okay to preserve the algorithm. The alloc cannot fail with BAD_STATE, and this setting is only used to differentiate between a exhausted and blank. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	d1e398c374	Protect psa_key_derivation_input_bytes Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
David Horstmann	2f387e98a0	Merge pull request #1174 from davidhorstmann-arm/cipher-multipart-test-fix Fix a multipart test that overwrites the same buffer twice	2024-02-07 17:18:48 +00:00
David Horstmann	b8dc2453f1	Update buffer start and length in multipart test This fixes a test failure in which the buffer was not properly filled. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 17:03:13 +00:00
David Horstmann	30a61f2ec8	Add testcase to fail multipart cipher tests Encrypt more than 2 blocks of data, causing both update() calls to output data as well as the call to finish(). This exposes a test bug where the pointer to a buffer is not updated as it is filled with data. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 16:55:19 +00:00
David Horstmann	86e6fe0cce	Generate poisoning wrappers for AEAD Modify wrapper generation script to generate poisoning calls and regenerate wrappers. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	18dc032fb4	Prevent unused warnings in psa_aead_set_nonce() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	e000a0aedf	Add buffer copying to psa_aead_verify() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	6db0e73dc4	Add buffer copying to psa_aead_finish() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	2914fac28a	Add buffer copying to psa_aead_update() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00

1 2 3 4 5 ...

29410 Commits