mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-26 11:37:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,411 Commits 173 Branches 267 Tags
Commit Graph

29411 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
2bb537ec61
Merge pull request #1172 from davidhorstmann-arm/generate-random-buffer-protection 
Add secure buffer copying to `psa_generate_random()`
 2024-03-04 13:23:46 +00:00
David Horstmann
c5688a2629
Merge branch 'development-restricted' into generate-random-buffer-protection 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:25:56 +00:00
David Horstmann
920a932bab
Merge pull request #1153 from tom-daubney-arm/asymmetric_encrypt_buffer_protection 
Implement safe buffer copying in asymmetric encryption
 2024-02-29 14:16:59 +00:00
David Horstmann
7581363122 Fix incorrect conflict resolution 
A return statement was missing in the wrapper generation script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 11:26:45 +00:00
tom-daubney-arm
840dfe8b41
Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:42:38 +00:00
David Horstmann
e097bbdcf3 Add missing guards around exit label 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 14:17:10 +00:00
David Horstmann
1ff95e61d7
Merge pull request #1149 from tom-daubney-arm/mac_buffer_protection 
Implement safe buffer copying in MAC API
 2024-02-26 19:06:42 +00:00
David Horstmann
075c5fb76f Generate test wrappers for psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 17:12:34 +00:00
David Horstmann
6e99bb203f Add buffer copying to psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 17:12:34 +00:00
Thomas Daubney
4a46d73bb0 Suppress pylint 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-26 13:49:26 +00:00
tom-daubney-arm
5cd611d144
Merge branch 'development-restricted' into mac_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-22 15:26:06 +00:00
David Horstmann
cf3457ef26
Merge pull request #1132 from davidhorstmann-arm/copying-aead 
Copy buffers in AEAD
 2024-02-20 16:07:30 +00:00
David Horstmann
b539126670
Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection 
Add buffer copying to the Key Derivation API
 2024-02-15 11:54:20 +00:00
David Horstmann
2e7db3c0dd
Merge pull request #1142 from tom-daubney-arm/hash_buffer_protection 
Add secure buffer copying to PSA Hash API
 2024-02-13 18:17:52 +00:00
Thomas Daubney
54e6b412bd Generate all test wrappers 
One was missed due to a typo

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:49:22 +00:00
Thomas Daubney
27b48a312f Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:49:19 +00:00
Thomas Daubney
6adbb2a351 Implement safe buffer copying in asymm. encryption 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:48:36 +00:00
Thomas Daubney
03f1ea3624 Change condition on wiping tag buffer 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
1ffc5cb4a5 Modify allocation and buffer wiping in sign_finish 
Allocate immediately after declaration and only wipe
tag buffer if allocation didn't fail.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
7480a74cba Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
c6705c6cb2 Conditionally include exit label 
... on MAC functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
a1cf1010cc Generate test wrappers for mac functions 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:35 +00:00
Thomas Daubney
8db8d1a83e Implement safe buffer copying in MAC API 
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:02 +00:00
Thomas Daubney
d2411565ce Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
dedd1006b6 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
45c8586a91 Generate test wrappers for hash functions 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:03 +00:00
Thomas Daubney
51ffac9f40 Implement buffer copy code in psa_hash_compare 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
31d8c0bdb4 Make new internal function static 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
1c5118e58c Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Janos Follath
ad736991bb
Merge pull request #1177 from ronald-cron-arm/tls-max-version-reset 
Reset properly the TLS maximum negotiable version
 2024-02-09 16:04:59 +00:00
Ryan Everett
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 15:09:28 +00:00
Ronald Cron
c522255e33 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-09 08:26:58 +01:00
Ronald Cron
90abb224f7 ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session 
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:12:58 +01:00
Ronald Cron
587cfe65ca ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection 
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:09:42 +01:00
Ronald Cron
195c0bc24e tls: Reset TLS maximum negotiable version 
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 11:54:55 +01:00
Ryan Everett
eb8c665a53 Reformat wrapper generation code 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
5d2e82f0ce Guard memcpy so that it won't fail on null input pointer 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
b41c3c9582 Guard the exit to stop unused label warning 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
0f54727bf4 Restructure wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
198a4d98d5 Generate test wrappers for key derivation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
da9227de7c Fix psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
f943e22bb9 Protect key_derivation_output_bytes 
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
d1e398c374 Protect psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
David Horstmann
2f387e98a0
Merge pull request #1174 from davidhorstmann-arm/cipher-multipart-test-fix 
Fix a multipart test that overwrites the same buffer twice
 2024-02-07 17:18:48 +00:00
David Horstmann
b8dc2453f1 Update buffer start and length in multipart test 
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:03:13 +00:00
David Horstmann
30a61f2ec8 Add testcase to fail multipart cipher tests 
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 16:55:19 +00:00
David Horstmann
86e6fe0cce Generate poisoning wrappers for AEAD 
Modify wrapper generation script to generate poisoning calls and
regenerate wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
18dc032fb4 Prevent unused warnings in psa_aead_set_nonce() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
e000a0aedf Add buffer copying to psa_aead_verify() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
6db0e73dc4 Add buffer copying to psa_aead_finish() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00