TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-27 14:03:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,582 Commits 179 Branches 280 Tags
26bbd8dd4ea1edd99004e759bf3a0f4b9423675a
Commit Graph

7533 Commits

Author SHA1 Message Date
Gábor Mezei
26bbd8dd4e Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
 2024-03-04 15:39:35 +00:00
Gabor Mezei
ff783e0bda Do not copy the content to the local output buffer with allocation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:46:12 +00:00
Gabor Mezei
8677edda6e Fix buffer protection handling for cipher_generate_iv 
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:24 +00:00
Gabor Mezei
282bb53edc Add buffer protection for cipher_generate_iv and cipher_set_iv 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:23 +00:00
Gabor Mezei
ed96d687d7 Move local buffer allocation just before usage 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:50 +00:00
Gabor Mezei
69f680ac9c Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
92905be298 Fix ASAN error for psa_cipher_update 
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
13a15c2390 Add buffer protection for cipher functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:03 +00:00
David Horstmann
98397f0bba Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:27:16 +00:00
tom-daubney-arm
24d60ad716 Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:43:48 +00:00
David Horstmann
10e44f3fd1 Add missing guards around exit label 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 14:17:49 +00:00
David Horstmann
65bf12ce6b Add buffer copying to psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 18:26:00 +00:00
tom-daubney-arm
8eafe1525d Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-22 15:28:49 +00:00
David Horstmann
0ce9589e36 Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28 
[Backport 2.28] Copy buffers in AEAD
 2024-02-20 16:07:36 +00:00
David Horstmann
a9cc4cd1cb Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport 
[Backport] Add buffer copying to the Key Derivation API
 2024-02-15 11:54:28 +00:00
Thomas Daubney
1a6137bbac Implement safe buffer copying in asymm. encryption 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 13:03:16 +00:00
Thomas Daubney
480347d682 Add mac not NULL check before calling memset 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
301491d70c Modify allocation in sign_finish 
Allocate immediately after declaration.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
f298f657c4 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
2bb3a1fa25 Conditionally include exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
324f7de1dd Implement safe buffer copying in MAC API 
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:20:39 +00:00
Thomas Daubney
cbf0921530 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:51:41 +00:00
Thomas Daubney
5e6b84ae12 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:51:41 +00:00
Thomas Daubney
62cb36a5f2 Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:50:51 +00:00
Ryan Everett
d0d12fb42f Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-12 09:19:29 +00:00
Ryan Everett
6f68206b18 Add buffer copying to psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 16:18:39 +00:00
Ryan Everett
08bd24635d Add buffer copying to psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 16:15:32 +00:00
Dave Rodgman
5a2e95dcfa Merge pull request #1164 from daverodgman/update-2.28-restricted 2024-02-02 17:45:18 +00:00
Ryan Everett
3a4153a768 Conditionally guard exit label to stop unused label error 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
30827915a4 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
e3e760cddb Protect buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
6b97025466 Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
David Horstmann
90b94ff85f Allow GCM IV to be NULL if zero-length 
The operation will still return an error, but the assert-based
validation checks will pass. This allows GCM to work with buffer
copies / local inputs, which may be NULL when they are zero-length.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-01 19:38:22 +00:00
Thomas Daubney
f446b8917d Conditionally include exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 13:36:01 +00:00
Thomas Daubney
290aac472a Implement safe buffer copying in asymmetric signature API 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric signature API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:45:26 +00:00
Dave Rodgman
9d52c713b2 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28-restricted 2024-01-26 10:27:26 +00:00
Gabor Mezei
3b0c371c04 Add allocate and copy style output buffer handling 
Add a new macro `LOCAL_OUTPUT_ALLOC_WITH_COPY` to support the output buffer
handling of the multipart operations like `psa_cipher_update`. This will
allocate a local buffer and copy the content of the original buffer.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-01-24 17:28:33 +01:00
David Horstmann
6baf6e9a06 Add buffer copying to psa_aead_decrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-24 14:58:05 +00:00
David Horstmann
21c1a94813 Copy buffers in psa_aead_encrypt() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-24 14:58:05 +00:00
Dave Rodgman
2866a6bb20 Merge remote-tracking branch 'restricted/mbedtls-2.28' into mbedtls-2.28.7rc 2024-01-22 16:48:18 +00:00
Dave Rodgman
f154831067 bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 16:47:12 +00:00
Jonathan Winzig
e90cbc3d12 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 16:00:07 +00:00
Janos Follath
1a9a69778e Fix 'missing prototype' warnings 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
8cdb6064de Align Montgomery init with development 
The signature and naming of the Montgomrey initialisation function in
development and in the LTS was different. Align them for easier
readability and maintenance.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
601bffc4ce Extend blinding to RSA result check 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
aa6760d7b5 Make RSA unblinding constant flow 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
4fe396f1e1 Move some bignum functions to internal header 
We will need a couple of low level functions to implement safe
unblinding in RSA.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Janos Follath
42175031ca Move calculating RR into a separate function 
So far we needed it only locally here, but we will need calculating RR
for safe unblinding in RSA as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:58:57 +00:00
Tom Cosgrove
c7e208d2fa Merge pull request #8662 from LocutusOfBorg/mbedtls-2.28 
timing.c fix build failure with -O3 optimization level
 2024-01-18 13:52:02 +00:00
Gianfranco Costamagna
d7768235da Update library/timing.c 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
 2024-01-18 12:25:18 +01:00