This tied input and output buffers together in
awkward pairs, which made the API more difficult
to use.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we are internal rather than user-facing,
PSA_ERROR_CORRUPTION_DETECTED makes more sense than
PSA_ERROR_BUFFER_TOO_SMALL. Whilst it really is a buffer that is too
small, this error code is intended to indicate that a user-supplied
buffer is too small, not an internal one.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This removes some gubbins related to making sure the buffer is not NULL
that was previously cluttering the test case.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Test that a buffer pair can be created with psa_crypto_alloc_and_copy()
and destroyed with psa_crypto_copy_and_free() correctly.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Zero-length buffers should be represented in the
psa_crypto_buffer_copy_t struct as NULL if it was created in
psa_crypto_alloc_and_copy(), so reject non-NULL zero-length buffers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
If we have a copy buffer but no original to copy back to, there is not
much sensible we can do. The psa_crypto_buffer_copy_t state is invalid.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since it is implementation-dependent whether
malloc(0) returns NULL or a pointer, explicitly
represent zero-length buffers as NULL in the
buffer-copy struct, so as to have a uniform
behaviour.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Restore guards from the previous release, instead of the new, more
permissive guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).
This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.
Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix the expected output in some test cases.
Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, "X509 String to Names: long hexstring (DER=258 bytes, too long)"
causes a buffer overflow in parse_attribute_value_der_encoded().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
