mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,426 Commits 172 Branches 267 Tags
Commit Graph

29426 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Everett
eb8c665a53 Reformat wrapper generation code 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
5d2e82f0ce Guard memcpy so that it won't fail on null input pointer 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
b41c3c9582 Guard the exit to stop unused label warning 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
0f54727bf4 Restructure wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
198a4d98d5 Generate test wrappers for key derivation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
da9227de7c Fix psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
f943e22bb9 Protect key_derivation_output_bytes 
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
d1e398c374 Protect psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
David Horstmann
2f387e98a0
Merge pull request #1174 from davidhorstmann-arm/cipher-multipart-test-fix 
Fix a multipart test that overwrites the same buffer twice
 2024-02-07 17:18:48 +00:00
David Horstmann
b8dc2453f1 Update buffer start and length in multipart test 
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:03:13 +00:00
David Horstmann
30a61f2ec8 Add testcase to fail multipart cipher tests 
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 16:55:19 +00:00
David Horstmann
86e6fe0cce Generate poisoning wrappers for AEAD 
Modify wrapper generation script to generate poisoning calls and
regenerate wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
18dc032fb4 Prevent unused warnings in psa_aead_set_nonce() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
e000a0aedf Add buffer copying to psa_aead_verify() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
6db0e73dc4 Add buffer copying to psa_aead_finish() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
2914fac28a Add buffer copying to psa_aead_update() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
25dac6edc1 Add buffer copying to psa_aead_update_ad() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
fed23777f3 Refactor: Use wrapper around internal set_nonce() 
* Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal()
* Recreate psa_aead_set_nonce() as a wrapper that copies buffers before
  calling the internal function.

This is because psa_aead_set_nonce() is currently called by
psa_aead_generate_nonce(). Refactoring this to call the static internal
function avoids an extra set of buffer copies as well as simplifying
future memory poisoning testing.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
8f0ef519d4 Add buffer copying to psa_aead_set_nonce() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
52402ec0fe Fix bug in PSA AEAD test 
Resize buffer used to hold the nonce to twice the maximum nonce size.
Some test cases were requesting more than the maximum nonce size
without actually having backing space. This caused a buffer overflow
when PSA buffer-copying code was added.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
d3cad8b017 Add buffer copying to psa_aead_generate_nonce() 
Note that this is not strictly necessary as this function only copies to
the output buffer at the end. However, it simplifies testing for the
time being.

Future optimisation work could consider removing this copying.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:02 +00:00
David Horstmann
7f2e040a9b Add buffer copying to psa_aead_decrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:39:00 +00:00
David Horstmann
9d09a020c9 Copy buffers in psa_aead_encrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 13:38:20 +00:00
Dave Rodgman
fe4f7e5fc0
Merge pull request #1165 from daverodgman/update-development-r 2024-02-02 22:00:49 +00:00
Dave Rodgman
e883870cc7
Merge branch 'development-restricted' into update-development-r 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-02 18:03:29 +00:00
David Horstmann
52ff236a98
Merge pull request #1137 from Ryan-Everett-arm/key-management-buffer-protection 
Add buffer copying to the Key Management API
 2024-02-02 17:43:14 +00:00
Ryan Everett
8d606857da Remove unnecessary dependencies from psa_crypto_helpers.h 
The psa_test_wrappers.h inclusion was breaking the examples in programs/
on functions with poisoning added

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
4c74c4fe84 Fix line-too-long in script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
35f68533d8 Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
84a666daa8 Re-add cipher_encrypt to test wrapper script 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
77b91e3930 Generate test wrappers for key management 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
b1d2c67ee0 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
45ac526592 Protect the buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
f028fe195b Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
David Horstmann
8a35fd58ee
Merge pull request #1151 from tom-daubney-arm/asymmetric_sign_buffer_protection 
Implement safe buffer copying in asymmetric signature API
 2024-02-02 10:04:21 +00:00
David Horstmann
b2c9f0e2df Disable poisoning with PSA_CRYPTO_DRIVER_TEST 
This option causes nested calls to PSA functions, so is not compatible
with memory poisoning as it currently stands.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-31 14:38:15 +00:00
Thomas Daubney
3e65f52130 Conditionally guard exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:37:25 +00:00
Thomas Daubney
f430f47434 Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:25:35 +00:00
Thomas Daubney
4f8847bb5d Implement safe buffer copying in asymmetric signature API 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric signature API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:17:54 +00:00
Tom Cosgrove
f35d24479e
Merge pull request #1166 from daverodgman/ct-cmac 
Use ct module from cmac
 2024-01-30 09:54:02 +01:00
Dave Rodgman
64172bc2ec Use constant_time module from cmac 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-29 12:41:02 +00:00
David Horstmann
eec797a0a7
Merge pull request #1162 from gabor-mezei-arm/buffer_sharing_copy_output_buffer 
Add allocate and copy style output buffer protection
 2024-01-29 11:08:20 +00:00
Dave Rodgman
fc587a337f Remove already-assmebled Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-26 12:48:33 +00:00
Dave Rodgman
047c724c22 Merge remote-tracking branch 'restricted/development-restricted' into update-development-r 
Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh
 2024-01-26 12:42:51 +00:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc 
Mbedtls 3.5.2rc
 2024-01-25 12:22:54 +00:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen 
Improve codegen of unaligned access for IAR and gcc
 2024-01-25 08:31:45 +00:00
David Horstmann
9c5c9c351d
Merge pull request #1141 from davidhorstmann-arm/memory-poisoning-runtime-enable 
Enable and disable memory poisoning at runtime
 2024-01-24 14:46:43 +00:00
Gabor Mezei
1882c51cb3
Add allocate and copy style output buffer handling 
Add a new macro `LOCAL_OUTPUT_ALLOC_WITH_COPY` to support the output buffer
handling of the multipart operations like `psa_cipher_update`. This will
allocate a local buffer and copy the content of the original buffer.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-01-24 13:51:33 +01:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Dave Rodgman
daca7a3979 Update BRANCHES.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
v3.5.2 mbedtls-3.5.2 		2024-01-24 09:49:11 +00:00