mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-20 21:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,391 Commits 172 Branches 263 Tags
Commit Graph

29391 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
cf3457ef26
Merge pull request #1132 from davidhorstmann-arm/copying-aead 
Copy buffers in AEAD
 2024-02-20 16:07:30 +00:00
David Horstmann
b539126670
Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection 
Add buffer copying to the Key Derivation API
 2024-02-15 11:54:20 +00:00
David Horstmann
2e7db3c0dd
Merge pull request #1142 from tom-daubney-arm/hash_buffer_protection 
Add secure buffer copying to PSA Hash API
 2024-02-13 18:17:52 +00:00
Thomas Daubney
d2411565ce Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
dedd1006b6 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
45c8586a91 Generate test wrappers for hash functions 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:03 +00:00
Thomas Daubney
51ffac9f40 Implement buffer copy code in psa_hash_compare 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
31d8c0bdb4 Make new internal function static 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
1c5118e58c Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Janos Follath
ad736991bb
Merge pull request #1177 from ronald-cron-arm/tls-max-version-reset 
Reset properly the TLS maximum negotiable version
 2024-02-09 16:04:59 +00:00
Ryan Everett
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 15:09:28 +00:00
Ronald Cron
c522255e33 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-09 08:26:58 +01:00
Ronald Cron
90abb224f7 ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session 
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:12:58 +01:00
Ronald Cron
587cfe65ca ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection 
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 12:09:42 +01:00
Ronald Cron
195c0bc24e tls: Reset TLS maximum negotiable version 
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 11:54:55 +01:00
Ryan Everett
eb8c665a53 Reformat wrapper generation code 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
5d2e82f0ce Guard memcpy so that it won't fail on null input pointer 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
b41c3c9582 Guard the exit to stop unused label warning 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
0f54727bf4 Restructure wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
198a4d98d5 Generate test wrappers for key derivation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
da9227de7c Fix psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
f943e22bb9 Protect key_derivation_output_bytes 
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
d1e398c374 Protect psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
David Horstmann
2f387e98a0
Merge pull request #1174 from davidhorstmann-arm/cipher-multipart-test-fix 
Fix a multipart test that overwrites the same buffer twice
 2024-02-07 17:18:48 +00:00
David Horstmann
b8dc2453f1 Update buffer start and length in multipart test 
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:03:13 +00:00
David Horstmann
30a61f2ec8 Add testcase to fail multipart cipher tests 
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 16:55:19 +00:00
David Horstmann
86e6fe0cce Generate poisoning wrappers for AEAD 
Modify wrapper generation script to generate poisoning calls and
regenerate wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
18dc032fb4 Prevent unused warnings in psa_aead_set_nonce() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
e000a0aedf Add buffer copying to psa_aead_verify() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
6db0e73dc4 Add buffer copying to psa_aead_finish() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
2914fac28a Add buffer copying to psa_aead_update() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
25dac6edc1 Add buffer copying to psa_aead_update_ad() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
fed23777f3 Refactor: Use wrapper around internal set_nonce() 
* Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal()
* Recreate psa_aead_set_nonce() as a wrapper that copies buffers before
  calling the internal function.

This is because psa_aead_set_nonce() is currently called by
psa_aead_generate_nonce(). Refactoring this to call the static internal
function avoids an extra set of buffer copies as well as simplifying
future memory poisoning testing.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
8f0ef519d4 Add buffer copying to psa_aead_set_nonce() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
52402ec0fe Fix bug in PSA AEAD test 
Resize buffer used to hold the nonce to twice the maximum nonce size.
Some test cases were requesting more than the maximum nonce size
without actually having backing space. This caused a buffer overflow
when PSA buffer-copying code was added.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
d3cad8b017 Add buffer copying to psa_aead_generate_nonce() 
Note that this is not strictly necessary as this function only copies to
the output buffer at the end. However, it simplifies testing for the
time being.

Future optimisation work could consider removing this copying.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
7f2e040a9b Add buffer copying to psa_aead_decrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:00 +00:00
David Horstmann
9d09a020c9 Copy buffers in psa_aead_encrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:38:20 +00:00
Dave Rodgman
fe4f7e5fc0
Merge pull request #1165 from daverodgman/update-development-r 2024-02-02 22:00:49 +00:00
Dave Rodgman
e883870cc7
Merge branch 'development-restricted' into update-development-r 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-02 18:03:29 +00:00
David Horstmann
52ff236a98
Merge pull request #1137 from Ryan-Everett-arm/key-management-buffer-protection 
Add buffer copying to the Key Management API
 2024-02-02 17:43:14 +00:00
Ryan Everett
8d606857da Remove unnecessary dependencies from psa_crypto_helpers.h 
The psa_test_wrappers.h inclusion was breaking the examples in programs/
on functions with poisoning added

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
4c74c4fe84 Fix line-too-long in script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
35f68533d8 Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
84a666daa8 Re-add cipher_encrypt to test wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
77b91e3930 Generate test wrappers for key management 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
b1d2c67ee0 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
45ac526592 Protect the buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
f028fe195b Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
David Horstmann
8a35fd58ee
Merge pull request #1151 from tom-daubney-arm/asymmetric_sign_buffer_protection 
Implement safe buffer copying in asymmetric signature API
 2024-02-02 10:04:21 +00:00