mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 02:43:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,387 Commits 172 Branches 267 Tags
Commit Graph

29387 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Daubney
a4866945b8 Fix issue with large allocation in tests 
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-03-06 16:32:25 +00:00
Thomas Daubney
5390acada9 Decouple if statements in psa_raw_key_agreement exit. 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-22 11:06:04 +00:00
Thomas Daubney
0576a6a174 Revise how output allocation is checked 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 15:15:00 +00:00
Thomas Daubney
89d8c2a1b4 Rework check for failed output allocation 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 12:14:57 +00:00
Thomas Daubney
d997e7ad9a Check output allocated before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-20 11:24:07 +00:00
Thomas Daubney
50f58fc3e4 Conditionally include exit label 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:24:03 +00:00
Thomas Daubney
fe2bda3257 Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 13:35:06 +00:00
Thomas Daubney
9739ac047a Add buffer protection to psa_key_derivation_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 13:15:47 +00:00
Thomas Daubney
81899aba11 Add buffer protection to psa_raw_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 12:57:26 +00:00
David Horstmann
b539126670
Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection 
Add buffer copying to the Key Derivation API
 2024-02-15 11:54:20 +00:00
David Horstmann
2e7db3c0dd
Merge pull request #1142 from tom-daubney-arm/hash_buffer_protection 
Add secure buffer copying to PSA Hash API
 2024-02-13 18:17:52 +00:00
Thomas Daubney
d2411565ce Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
dedd1006b6 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
45c8586a91 Generate test wrappers for hash functions 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:03 +00:00
Thomas Daubney
51ffac9f40 Implement buffer copy code in psa_hash_compare 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
31d8c0bdb4 Make new internal function static 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
1c5118e58c Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Janos Follath
ad736991bb
Merge pull request #1177 from ronald-cron-arm/tls-max-version-reset 
Reset properly the TLS maximum negotiable version
 2024-02-09 16:04:59 +00:00
Ryan Everett
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 15:09:28 +00:00
Ronald Cron
c522255e33 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-09 08:26:58 +01:00
Ronald Cron
90abb224f7 ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session 
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:12:58 +01:00
Ronald Cron
587cfe65ca ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection 
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:09:42 +01:00
Ronald Cron
195c0bc24e tls: Reset TLS maximum negotiable version 
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 11:54:55 +01:00
Ryan Everett
eb8c665a53 Reformat wrapper generation code 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
5d2e82f0ce Guard memcpy so that it won't fail on null input pointer 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
b41c3c9582 Guard the exit to stop unused label warning 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
0f54727bf4 Restructure wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
198a4d98d5 Generate test wrappers for key derivation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
da9227de7c Fix psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
f943e22bb9 Protect key_derivation_output_bytes 
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
d1e398c374 Protect psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
David Horstmann
2f387e98a0
Merge pull request #1174 from davidhorstmann-arm/cipher-multipart-test-fix 
Fix a multipart test that overwrites the same buffer twice
 2024-02-07 17:18:48 +00:00
David Horstmann
b8dc2453f1 Update buffer start and length in multipart test 
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:03:13 +00:00
David Horstmann
30a61f2ec8 Add testcase to fail multipart cipher tests 
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 16:55:19 +00:00
Dave Rodgman
fe4f7e5fc0
Merge pull request #1165 from daverodgman/update-development-r 2024-02-02 22:00:49 +00:00
Dave Rodgman
e883870cc7
Merge branch 'development-restricted' into update-development-r 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-02 18:03:29 +00:00
David Horstmann
52ff236a98
Merge pull request #1137 from Ryan-Everett-arm/key-management-buffer-protection 
Add buffer copying to the Key Management API
 2024-02-02 17:43:14 +00:00
Ryan Everett
8d606857da Remove unnecessary dependencies from psa_crypto_helpers.h 
The psa_test_wrappers.h inclusion was breaking the examples in programs/
on functions with poisoning added

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
4c74c4fe84 Fix line-too-long in script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
35f68533d8 Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
84a666daa8 Re-add cipher_encrypt to test wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
77b91e3930 Generate test wrappers for key management 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
b1d2c67ee0 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
45ac526592 Protect the buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
f028fe195b Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
David Horstmann
8a35fd58ee
Merge pull request #1151 from tom-daubney-arm/asymmetric_sign_buffer_protection 
Implement safe buffer copying in asymmetric signature API
 2024-02-02 10:04:21 +00:00
David Horstmann
b2c9f0e2df Disable poisoning with PSA_CRYPTO_DRIVER_TEST 
This option causes nested calls to PSA functions, so is not compatible
with memory poisoning as it currently stands.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-31 14:38:15 +00:00
Thomas Daubney
3e65f52130 Conditionally guard exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:37:25 +00:00
Thomas Daubney
f430f47434 Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:25:35 +00:00
Thomas Daubney
4f8847bb5d Implement safe buffer copying in asymmetric signature API 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric signature API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:17:54 +00:00