Thomas Daubney
dca796b966
Remove further instance of LOCAL_OUTPUT_WITH_COPY
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-13 10:59:19 +00:00
Thomas Daubney
4bc77c402d
Remove LOCAL_OUTPUT_ALLOC_WITH_COPY
It is no longer needed and should be removed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-12 17:01:11 +00:00
Thomas Daubney
692fb3c11c
Fix missing semicolon
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-12 16:20:41 +00:00
David Horstmann
c5064c83a1
Do not attempt to wipe output buffer if it is NULL
If the output buffer is NULL, it either:
* Does not need wiping because it is zero-length.
* Has failed allocation of a copy.
* Has not yet been written to as a copy hasn't been allocated.
In any of these circumstances, we should not try to write the buffer,
so perform a NULL check before wiping it.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-11 17:02:03 +00:00
David Horstmann
0fea6a52b4
Add buffer copying to psa_verify_hash_start()
Protect input buffers to psa_verify_hash_start(), namely the hash and
signature parameters.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-11 15:56:13 +00:00
David Horstmann
4a523a608e
Add buffer copying to psa_sign_hash_start/complete
Add buffer protection to:
* psa_sign_hash_start(), which takes an input buffer for the hash.
* psa_sign_hash_complete(), which takes an output buffer for the
calculated signature.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-11 15:56:13 +00:00
David Horstmann
63dfb45e5e
Merge pull request #1181 from tom-daubney-arm/key_agreement_buffer_protection
Implement safe buffer copying in key agreement
2024-03-11 15:10:49 +00:00
tom-daubney-arm
d4c57c0ad2
Merge branch 'development-restricted' into key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 16:47:13 +00:00
David Horstmann
a5175634b0
Merge branch 'development-restricted' into copying-pake
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-06 11:18:28 +00:00
Gabor Mezei
1b5b58d4d9
Fix merge
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-03-04 17:15:08 +01:00
Gábor Mezei
716cf2d4e0
Merge branch 'development-restricted' into buffer_protection_for_cipher
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:38:05 +00:00
David Horstmann
c5688a2629
Merge branch 'development-restricted' into generate-random-buffer-protection
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 14:25:56 +00:00
Gabor Mezei
0b04116cc8
Do not copy the content to the local output buffer with allocation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 10:08:16 +00:00
tom-daubney-arm
840dfe8b41
Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-28 15:42:38 +00:00
Gabor Mezei
358eb218ab
Fix buffer protection handling for cipher_generate_iv
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:19 +00:00
Gabor Mezei
7abf8ee51b
Add buffer protection for cipher_generate_iv
and cipher_set_iv
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:18 +00:00
Gabor Mezei
8b8e485961
Move local buffer allocation just before usage
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:18 +00:00
Gabor Mezei
4892d75e9b
Add LOCAL_OUTPUT_ALLOC_WITH_COPY
macro if buffer protection is disabled
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:17 +00:00
Gabor Mezei
c25fbd2cc1
Fix ASAN error for psa_cipher_update
ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
that `mbedtls_cipher_update` always needs a valid pointer for the
input buffer even if the length is 0.
This fix avoids calling `mbedtls_cipher_update` if the
input buffer length is 0.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:17 +00:00
Gabor Mezei
212eb08884
Add buffer protection for cipher functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:15:49 +00:00
David Horstmann
e097bbdcf3
Add missing guards around exit label
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-28 14:17:10 +00:00
David Horstmann
6e99bb203f
Add buffer copying to psa_generate_random()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-26 17:12:34 +00:00
tom-daubney-arm
5cd611d144
Merge branch 'development-restricted' into mac_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-22 15:26:06 +00:00
Thomas Daubney
5390acada9
Decouple if statements in psa_raw_key_agreement exit.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-22 11:06:04 +00:00
Thomas Daubney
0576a6a174
Revise how output allocation is checked
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-21 15:15:00 +00:00
Thomas Daubney
89d8c2a1b4
Rework check for failed output allocation
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-21 12:14:57 +00:00
David Horstmann
cf3457ef26
Merge pull request #1132 from davidhorstmann-arm/copying-aead
Copy buffers in AEAD
2024-02-20 16:07:30 +00:00
Thomas Daubney
d997e7ad9a
Check output allocated before randomising
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-20 11:24:07 +00:00
Thomas Daubney
50f58fc3e4
Conditionally include exit label
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 14:24:03 +00:00
Thomas Daubney
9739ac047a
Add buffer protection to psa_key_derivation_key_agreement
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 13:15:47 +00:00
Thomas Daubney
81899aba11
Add buffer protection to psa_raw_key_agreement
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 12:57:26 +00:00
David Horstmann
b539126670
Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection
Add buffer copying to the Key Derivation API
2024-02-15 11:54:20 +00:00
Thomas Daubney
6adbb2a351
Implement safe buffer copying in asymm. encryption
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:48:36 +00:00
Thomas Daubney
03f1ea3624
Change condition on wiping tag buffer
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
Thomas Daubney
1ffc5cb4a5
Modify allocation and buffer wiping in sign_finish
Allocate immediately after declaration and only wipe
tag buffer if allocation didn't fail.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
Thomas Daubney
7480a74cba
Fix code style
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
Thomas Daubney
c6705c6cb2
Conditionally include exit label
... on MAC functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
Thomas Daubney
8db8d1a83e
Implement safe buffer copying in MAC API
Use buffer local copy macros to implement safe
copy mechanism in MAC API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:02 +00:00
Thomas Daubney
d2411565ce
Fix code style
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:43:07 +00:00
Thomas Daubney
dedd1006b6
Conditionally include exit label
...on hash functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:43:07 +00:00
Thomas Daubney
51ffac9f40
Implement buffer copy code in psa_hash_compare
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:34:02 +00:00
Thomas Daubney
31d8c0bdb4
Make new internal function static
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:34:02 +00:00
Thomas Daubney
1c5118e58c
Implement safe buffer copying in hash API
Use local copy buffer macros to implement safe
copy mechanism in hash API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:34:02 +00:00
David Horstmann
7175d71328
Remove unnecessary setting of status variable
The status is guaranteed to be PSA_SUCCESS at these points, so setting
it is redundant.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-09 18:20:05 +00:00
Ryan Everett
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 15:09:28 +00:00
Ronald Cron
195c0bc24e
tls: Reset TLS maximum negotiable version
When resetting an SSL context with
mbedtls_ssl_session_reset(), reset
the TLS maximum negotiable version
as configured.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-08 11:54:55 +01:00
Ryan Everett
5d2e82f0ce
Guard memcpy so that it won't fail on null input pointer
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
Ryan Everett
b41c3c9582
Guard the exit to stop unused label warning
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
Ryan Everett
da9227de7c
Fix psa_key_derivation_output_bytes
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
Ryan Everett
f943e22bb9
Protect key_derivation_output_bytes
If the alloc fails I believe it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between an exhausted and blank.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00