TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-04-29 14:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,680 Commits 179 Branches 280 Tags
751dc022f401270dbf4e5cc33ec423c2c1515deb
Commit Graph

7562 Commits

Author SHA1 Message Date
David Horstmann
5bada225eb Update generated files with inverted option 
Achieved by running:

tests/scripts/check-generated-files.sh -u

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 11:21:34 +00:00
David Horstmann
4201533196 Invert and rename config option 
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 11:17:56 +00:00
Thomas Daubney
28fe6654d8 Remove LOCAL_OUTPUT_ALLOC_WITH_COPY 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-03-12 17:54:55 +00:00
Thomas Daubney
ca92831a60 Add missing semicolon 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-03-12 17:53:30 +00:00
David Horstmann
f06494dc9e Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28 2024-03-11 16:28:50 +00:00
tom-daubney-arm
7c89d1f8de Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-03-06 17:35:59 +00:00
Gilles Peskine
a19f6bfcad Merge pull request #8823 from davidhorstmann-arm/fix-config-bitflag-2.28 
[Backport 2.28] Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
 2024-03-05 13:17:43 +00:00
David Horstmann
fc8cacf9a2 Add missing config guards in comment 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-05 10:46:26 +00:00
Gabor Mezei
f3c3504f5a Fix merge 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-03-04 17:17:51 +01:00
Gábor Mezei
26bbd8dd4e Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
 2024-03-04 15:39:35 +00:00
David Horstmann
f5a6fa2e4a Fix code style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:31:35 +00:00
David Horstmann
11def97472 Fix naming inconsistencies in config bits 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:15:56 +00:00
David Horstmann
363db7759a Add config guards to ssl session comment 
Show which members of the session structure are dependent on
configuration options and which aren't.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:11:24 +00:00
Gabor Mezei
ff783e0bda Do not copy the content to the local output buffer with allocation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:46:12 +00:00
Gabor Mezei
8677edda6e Fix buffer protection handling for cipher_generate_iv 
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:24 +00:00
Gabor Mezei
282bb53edc Add buffer protection for cipher_generate_iv and cipher_set_iv 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:23 +00:00
Gabor Mezei
ed96d687d7 Move local buffer allocation just before usage 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:50 +00:00
Gabor Mezei
69f680ac9c Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
92905be298 Fix ASAN error for psa_cipher_update 
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
13a15c2390 Add buffer protection for cipher functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:03 +00:00
David Horstmann
98397f0bba Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:27:16 +00:00
tom-daubney-arm
24d60ad716 Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:43:48 +00:00
David Horstmann
10e44f3fd1 Add missing guards around exit label 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 14:17:49 +00:00
David Horstmann
65bf12ce6b Add buffer copying to psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 18:26:00 +00:00
Gilles Peskine
9721b868a2 Allow null buffers when the length is 0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 12:38:16 +01:00
Gilles Peskine
c2c74b9cef mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error 
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:54:25 +01:00
tom-daubney-arm
8eafe1525d Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-22 15:28:49 +00:00
Thomas Daubney
09cf4f2e78 Decouple if statement in psa_raw_key_agreement exit. 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-22 11:08:22 +00:00
Thomas Daubney
2ea8d8fa3c Revise how output allocation is checked 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 15:16:01 +00:00
Thomas Daubney
0736df33ac Check for output allocation before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 12:28:20 +00:00
David Horstmann
0ce9589e36 Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28 
[Backport 2.28] Copy buffers in AEAD
 2024-02-20 16:07:36 +00:00
Thomas Daubney
26d1c43821 Check output allocated before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-20 11:26:55 +00:00
Thomas Daubney
3c0c6b1c4b Conditionally include exit label 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:25:08 +00:00
Thomas Daubney
9da359fc65 Add buffer protection to psa_key_derivation_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:15:46 +00:00
Thomas Daubney
4304276539 Add buffer protection to psa_raw_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 13:47:08 +00:00
David Horstmann
a9cc4cd1cb Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport 
[Backport] Add buffer copying to the Key Derivation API
 2024-02-15 11:54:28 +00:00
Tom Cosgrove
75c8e61ce0 Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28 
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:28 +00:00
David Horstmann
eb77b6f418 Add session config bit for KEEP_PEER_CERTIFICATE 
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-13 18:59:07 +00:00
Janos Follath
09cd7dd96a Merge pull request #8660 from ivq/fix_ecp_comment 
Fix a comment in ecp
 2024-02-13 12:12:10 +00:00
Gilles Peskine
0196f4886a Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:00:48 +01:00
Thomas Daubney
1a6137bbac Implement safe buffer copying in asymm. encryption 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 13:03:16 +00:00
Thomas Daubney
480347d682 Add mac not NULL check before calling memset 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
301491d70c Modify allocation in sign_finish 
Allocate immediately after declaration.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
f298f657c4 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
2bb3a1fa25 Conditionally include exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
324f7de1dd Implement safe buffer copying in MAC API 
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:20:39 +00:00
Thomas Daubney
cbf0921530 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:51:41 +00:00
Thomas Daubney
5e6b84ae12 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:51:41 +00:00
Thomas Daubney
62cb36a5f2 Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:50:51 +00:00
Ryan Everett
d0d12fb42f Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-12 09:19:29 +00:00