mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-23 07:20:56 +00:00

Author	SHA1	Message	Date
Gabor Mezei	358eb218ab	Fix buffer protection handling for `cipher_generate_iv` Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing local variable. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:19 +00:00
Gabor Mezei	b74ac66c8b	Update test wrapper functions for ciper buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	7abf8ee51b	Add buffer protection for `cipher_generate_iv` and `cipher_set_iv` Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	8b8e485961	Move local buffer allocation just before usage Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	4892d75e9b	Add `LOCAL_OUTPUT_ALLOC_WITH_COPY` macro if buffer protection is disabled Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	c25fbd2cc1	Fix ASAN error for `psa_cipher_update` The ASAN gives an error for `psa_cipher_update` when the `input_length` is 0 and the `input` buffer is `NULL`. The root cause of this issue is `mbedtls_cipher_update` always need a valid pointer for the input buffer even if the length is 0. This fix avoids the `mbedtls_cipher_update` to be called if the input buffer length is 0. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	b8f97a1f3f	Add test wrapper functions for cipher buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	212eb08884	Add buffer protection for cipher functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:15:49 +00:00
David Horstmann	1ff95e61d7	Merge pull request #1149 from tom-daubney-arm/mac_buffer_protection Implement safe buffer copying in MAC API	2024-02-26 19:06:42 +00:00
Thomas Daubney	4a46d73bb0	Suppress pylint Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-26 13:49:26 +00:00
tom-daubney-arm	5cd611d144	Merge branch 'development-restricted' into mac_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-02-22 15:26:06 +00:00
David Horstmann	cf3457ef26	Merge pull request #1132 from davidhorstmann-arm/copying-aead Copy buffers in AEAD	2024-02-20 16:07:30 +00:00
David Horstmann	b539126670	Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection Add buffer copying to the Key Derivation API	2024-02-15 11:54:20 +00:00
David Horstmann	2e7db3c0dd	Merge pull request #1142 from tom-daubney-arm/hash_buffer_protection Add secure buffer copying to PSA Hash API	2024-02-13 18:17:52 +00:00
Thomas Daubney	03f1ea3624	Change condition on wiping tag buffer Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	1ffc5cb4a5	Modify allocation and buffer wiping in sign_finish Allocate immediately after declaration and only wipe tag buffer if allocation didn't fail. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	7480a74cba	Fix code style Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	c6705c6cb2	Conditionally include exit label ... on MAC functions where the label was only added due to the modifications required by this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:38 +00:00
Thomas Daubney	a1cf1010cc	Generate test wrappers for mac functions Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:35 +00:00
Thomas Daubney	8db8d1a83e	Implement safe buffer copying in MAC API Use buffer local copy macros to implement safe copy mechanism in MAC API. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:07:02 +00:00
Thomas Daubney	d2411565ce	Fix code style Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:43:07 +00:00
Thomas Daubney	dedd1006b6	Conditionally include exit label ...on hash functions where the label was only added due to the modifications required by this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:43:07 +00:00
Thomas Daubney	45c8586a91	Generate test wrappers for hash functions Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:43:03 +00:00
Thomas Daubney	51ffac9f40	Implement buffer copy code in psa_hash_compare Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:34:02 +00:00
Thomas Daubney	31d8c0bdb4	Make new internal function static Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:34:02 +00:00
Thomas Daubney	1c5118e58c	Implement safe buffer copying in hash API Use local copy buffer macros to implement safe copy mechanism in hash API. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 11:34:02 +00:00
Janos Follath	ad736991bb	Merge pull request #1177 from ronald-cron-arm/tls-max-version-reset Reset properly the TLS maximum negotiable version	2024-02-09 16:04:59 +00:00
Ryan Everett	ee5920a7d5	Fix error path in `psa_key_derivation_output_bytes` Co-authored-by: David Horstmann <david.horstmann@arm.com> Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-09 15:09:28 +00:00
Ronald Cron	c522255e33	Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-09 08:26:58 +01:00
Ronald Cron	90abb224f7	ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session Add a test where first we establish a TLS 1.3 session, then a TLS 1.2 one with the same server. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-08 12:12:58 +01:00
Ronald Cron	587cfe65ca	ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection Add a test where first we establish a TLS 1.2 session, then a TLS 1.3 one with the same server. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-08 12:09:42 +01:00
Ronald Cron	195c0bc24e	tls: Reset TLS maximum negotiable version When reseting an SSL context with mbedtls_ssl_session_reset() reset the TLS maximum negotiable version as configured. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-08 11:54:55 +01:00
Ryan Everett	eb8c665a53	Reformat wrapper generation code Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	5d2e82f0ce	Guard memcpy so that it won't fail on null input pointer Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	b41c3c9582	Guard the exit to stop unused label warning Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	0f54727bf4	Restructure wrapper script Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	198a4d98d5	Generate test wrappers for key derivation Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	da9227de7c	Fix psa_key_derivation_output_bytes Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	f943e22bb9	Protect key_derivation_output_bytes If the alloc fails I belive it is okay to preserve the algorithm. The alloc cannot fail with BAD_STATE, and this setting is only used to differentiate between a exhausted and blank. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
Ryan Everett	d1e398c374	Protect psa_key_derivation_input_bytes Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-07 17:32:16 +00:00
David Horstmann	2f387e98a0	Merge pull request #1174 from davidhorstmann-arm/cipher-multipart-test-fix Fix a multipart test that overwrites the same buffer twice	2024-02-07 17:18:48 +00:00
David Horstmann	b8dc2453f1	Update buffer start and length in multipart test This fixes a test failure in which the buffer was not properly filled. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 17:03:13 +00:00
David Horstmann	30a61f2ec8	Add testcase to fail multipart cipher tests Encrypt more than 2 blocks of data, causing both update() calls to output data as well as the call to finish(). This exposes a test bug where the pointer to a buffer is not updated as it is filled with data. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 16:55:19 +00:00
David Horstmann	86e6fe0cce	Generate poisoning wrappers for AEAD Modify wrapper generation script to generate poisoning calls and regenerate wrappers. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	18dc032fb4	Prevent unused warnings in psa_aead_set_nonce() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	e000a0aedf	Add buffer copying to psa_aead_verify() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	6db0e73dc4	Add buffer copying to psa_aead_finish() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	2914fac28a	Add buffer copying to psa_aead_update() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	25dac6edc1	Add buffer copying to psa_aead_update_ad() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	fed23777f3	Refactor: Use wrapper around internal set_nonce() * Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal() * Recreate psa_aead_set_nonce() as a wrapper that copies buffers before calling the internal function. This is because psa_aead_set_nonce() is currently called by psa_aead_generate_nonce(). Refactoring this to call the static internal function avoids an extra set of buffer copies as well as simplifying future memory poisoning testing. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00

1 2 3 4 5 ...

29408 Commits