mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-14 18:40:50 +00:00

Author	SHA1	Message	Date
David Horstmann	c2ac51e0c6	Fix removed space in merge resolution This space was mysteriously removed during the merge, restore it here. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 16:09:58 +00:00
David Horstmann	db90914232	Change goto exit into direct return Fix errors in merge conflict resolution - change psa_generate_random_internal() to return directly rather than jumping to an exit label and restore the variable psa_status_t status. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 16:07:08 +00:00
Ronald Cron	114c5f0321	ssl-opt.sh: Expand MbedTLS only version negotiation tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	dcfd00c128	ssl-opt.sh: Change MbedTLS only version negotiation tests Change description and dependencies before to expand MbedTLS only version negotiation tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	fe18d8db76	ssl-opt.sh: Group MbedTLS only version negotiation tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	a1e7b6a66a	ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	dfad493e8b	ssl-opt.sh: Expand G->m server version selection tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:35 +01:00
Ronald Cron	98bdcc4f29	ssl-opt.sh: Change G->m server version selection tests Change description and dependencies before to expand G->m server version selection tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:45:27 +01:00
Ronald Cron	cd1370e8d8	ssl-opt.sh: Group G->m server version selection checks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:44:37 +01:00
Paul Elliott	358165246b	Protect PSA drivers_initialized with mutex Writes to this in psa_crypto_init() were again already covered. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	8e15153637	Protect PSA global rng data with mutex. Reads and writes of rng_state in psa_crypto_init() and psa_crypto_free() were already covered by mutex. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	600472b443	Protect PSA global initialized flag with mutex. Unfortunately this requires holding the mutex for the entire psa_crypto_init() function, as calling psa_crypto_free() from another thread should block until init has ended, then run. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	b8e38e0e27	Add new mutex for PSA global rng data Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	077fd87748	Add new global mutex for PSA global_data Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
David Horstmann	93fa4e1b87	Merge branch 'development' into buffer-sharing-merge	2024-03-12 15:05:06 +00:00
David Horstmann	3232842d63	Merge pull request #1188 from davidhorstmann-arm/interruptible-sign-hash-buffer-protection Add buffer protection for interruptible sign/verify	2024-03-12 14:47:00 +00:00
Gilles Peskine	d6a710a397	Fix copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	0dc79a754d	Fix and test pk_copy_from_psa with an unsupported algorithm Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to still work when the algorithm in the key policy is not an RSA algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA" when MBEDTLS_PKCS1_V15 is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	17d5b6bda2	Test mbedtls_pk_copy_public_from_psa on non-exportable keys Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	bf69f2e682	New function mbedtls_pk_copy_public_from_psa Document and implement mbedtls_pk_copy_public_from_psa() to export the public key of a PSA key into PK. Unit-test it alongside mbedtls_pk_copy_from_psa(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard	d7e7f48323	Merge pull request #8774 from valeriosetti/issue8709 Implement mbedtls_pk_copy_from_psa	2024-03-12 13:45:27 +00:00
Dave Rodgman	235799bc23	Simplify locating original tool Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-12 13:33:09 +00:00
Dave Rodgman	294a3c2ccb	Remove unnecessary use of export Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-12 13:32:36 +00:00
Ronald Cron	ec4ed8eae4	Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size TLS 1.3: Enforce max_early_data_size on client	2024-03-12 13:31:20 +00:00
Dave Rodgman	e0ffb1d2e9	Merge pull request #8908 from daverodgman/cmac-perf CMAC size and perf	2024-03-12 13:17:00 +00:00
Dave Rodgman	a7f3c4e1d0	Merge pull request #8822 from daverodgman/sha3-perf SHA-3 performance & code size	2024-03-12 13:14:40 +00:00
Gilles Peskine	e4220fef2f	MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it mbedtls_setup_pk_opaque does require it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:03:12 +01:00
Gilles Peskine	0cff1116f7	Remind the reader that PK doesn't support DH Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:02:58 +01:00
Gilles Peskine	7caf2dc964	Discuss mbedtls_pk_copy_public_from_psa Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:02:45 +01:00
Gilles Peskine	b5b185b482	Merge pull request #8850 from billatarm/fix-pc-files project: set version	2024-03-12 11:30:27 +00:00
Manuel Pégourié-Gonnard	fe164aecfc	Merge pull request #8887 from gilles-peskine-arm/pk_import_into_psa-fix_doxygen_code_blocks Fix intended code blocks that were not suitably indented	2024-03-12 11:27:45 +00:00
Valerio Setti	6fbde6e242	test_suite_pk: revert erroneous missing initialization of PSA key IDs Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-12 11:00:39 +01:00
Manuel Pégourié-Gonnard	1c191c1317	Merge pull request #8917 from gilles-peskine-arm/mbedtls_pk_decrypt-USE_PSA_CRYPTO-changelog-correction mbedtls_pk_decrypt/encrypt actually check the padding mode	2024-03-12 07:53:54 +00:00
Valerio Setti	8b3c6fffa7	test_suite_pk: add comment for pk_copy_from_psa_builtin_fail Explain why this kind of test is possible for RSA keys, while it is not possible for EC ones. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-12 06:05:03 +01:00
Valerio Setti	d286491ed7	changelog: fix text Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-12 05:11:09 +01:00
Gilles Peskine	88c2755a30	mbedtls_pk_decrypt/encrypt actually check the padding mode The sign/verify functions happily use the wrong algorithm, but the encrypt/decrypt functions error out if the padding mode specifies V21. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-11 18:49:54 +01:00
Dave Rodgman	66ebde46df	Merge pull request #8916 from daverodgman/iar-bignum-fix Fix IAR warning	2024-03-11 17:43:43 +00:00
David Horstmann	5fb5cce066	Add ChangeLog for PSA buffer sharing fix Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 17:28:09 +00:00
Ronald Cron	e98a492cf5	Merge pull request #1187 from ronald-cron-arm/issue-1185 Add security change log for issue 1185	2024-03-11 18:04:47 +01:00
David Horstmann	c5064c83a1	Do not attempt to wipe output buffer if it is NULL If the output buffer is NULL, it either: * Does not need wiping because it is zero-length. * Has failed allocation of a copy. * Has not yet been written to as a copy hasn't been allocated. In any of these circumstances, we should not try to write the buffer, so perform a NULL check before wiping it. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 17:02:03 +00:00
David Horstmann	5ba3f5f7a5	Flip logic of generate_psa_wrappers.py Change from a long list of PSA functions to a list of excluded false-positives. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 15:57:43 +00:00
David Horstmann	5d64c6acca	Generate memory poisoning in wrappers Generate memory poisoning code in test wrappers for: * psa_sign_hash_start() * psa_sign_hash_complete() * psa_verify_hash_start() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 15:56:13 +00:00
David Horstmann	0fea6a52b4	Add buffer copying to psa_verify_hash_start() Protect input buffers to psa_verify_hash_start(), namely the hash and signature parameters. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 15:56:13 +00:00
David Horstmann	4a523a608e	Add buffer copying to psa_sign_hash_start/complete Add buffer protection to: * psa_sign_hash_start(), which takes an input buffer for the hash. * psa_sign_hash_complete(), which takes an output buffer for the calculated signature. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 15:56:13 +00:00
Dave Rodgman	d282e264cd	Fix IAR warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-11 15:28:48 +00:00
David Horstmann	63dfb45e5e	Merge pull request #1181 from tom-daubney-arm/key_agreement_buffer_protection Implement safe buffer copying in key agreement	2024-03-11 15:10:49 +00:00
Janos Follath	43edc75e31	Merge pull request #8882 from Ryan-Everett-arm/threading-key-tests Test multi-threaded key generation	2024-03-11 15:07:48 +00:00
Dave Rodgman	9cc01ccbf8	Merge pull request #8831 from yanesca/switch_to_new_exp Use mpi_core_exp_mod in bignum	2024-03-11 13:40:46 +00:00
Ronald Cron	44193fa573	Fix and improve the change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-11 13:40:24 +01:00
Paul Elliott	a09b01b5a8	Merge pull request #8912 from Ryan-Everett-arm/double-destroy-key-bugfix Fix threading bug when multiple destroy_key calls run on the same key	2024-03-11 12:04:04 +00:00

... 6 7 8 9 10 ...

30747 Commits