5bada225eb
Update generated files with inverted option
...
Achieved by running:
tests/scripts/check-generated-files.sh -u
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-03-14 11:21:34 +00:00
4201533196
Invert and rename config option
...
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-03-14 11:17:56 +00:00
28fe6654d8
Remove LOCAL_OUTPUT_ALLOC_WITH_COPY
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-03-12 17:54:55 +00:00
ca92831a60
Add missing semicolon
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-03-12 17:53:30 +00:00
40895498b7
Merge pull request #8851 from billatarm/mbedtls-2.28-add-pc-files
...
Mbedtls 2.28 add pc files
2024-03-12 11:30:30 +00:00
f06494dc9e
Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28
2024-03-11 16:28:50 +00:00
7c89d1f8de
Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection
...
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com >
2024-03-06 17:35:59 +00:00
a19f6bfcad
Merge pull request #8823 from davidhorstmann-arm/fix-config-bitflag-2.28
...
[Backport 2.28] Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
2024-03-05 13:17:43 +00:00
fc8cacf9a2
Add missing config guards in comment
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-03-05 10:46:26 +00:00
f3c3504f5a
Fix merge
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-03-04 17:17:51 +01:00
26bbd8dd4e
Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher
...
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com >
2024-03-04 15:39:35 +00:00
5e5056d6ab
cmake: Use GnuInstallDirs to customize install directories
...
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.
Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com >
2024-03-01 12:05:00 -06:00
f5a6fa2e4a
Fix code style
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-03-01 12:31:35 +00:00
11def97472
Fix naming inconsistencies in config bits
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-03-01 12:15:56 +00:00
363db7759a
Add config guards to ssl session comment
...
Show which members of the session structure are dependent on
configuration options and which aren't.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-03-01 12:11:24 +00:00
ff783e0bda
Do not copy the content to the local output buffer with allocation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:46:12 +00:00
8677edda6e
Fix buffer protection handling for cipher_generate_iv
...
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:44:24 +00:00
282bb53edc
Add buffer protection for cipher_generate_iv
and cipher_set_iv
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:44:23 +00:00
ed96d687d7
Move local buffer allocation just before usage
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:41:50 +00:00
69f680ac9c
Add LOCAL_OUTPUT_ALLOC_WITH_COPY
macro if buffer protection is disabled
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:41:49 +00:00
92905be298
Fix ASAN error for psa_cipher_update
...
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:41:49 +00:00
13a15c2390
Add buffer protection for cipher functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-02-29 16:41:03 +00:00
98397f0bba
Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-02-29 14:27:16 +00:00
ffdd957049
Fix compilation on macOS without apple-clang
...
Signed-off-by: Steven WdV <swdv@cs.ru.nl >
2024-02-29 15:23:01 +01:00
24d60ad716
Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection
...
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com >
2024-02-28 15:43:48 +00:00
10e44f3fd1
Add missing guards around exit label
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-02-28 14:17:49 +00:00
65bf12ce6b
Add buffer copying to psa_generate_random()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-02-26 18:26:00 +00:00
9721b868a2
Allow null buffers when the length is 0
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-26 12:38:16 +01:00
c2c74b9cef
mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error
...
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-26 08:54:25 +01:00
8eafe1525d
Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection
...
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com >
2024-02-22 15:28:49 +00:00
09cf4f2e78
Decouple if statement in psa_raw_key_agreement exit.
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-22 11:08:22 +00:00
2ea8d8fa3c
Revise how output allocation is checked
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-21 15:16:01 +00:00
0736df33ac
Check for output allocation before randomising
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-21 12:28:20 +00:00
0ce9589e36
Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28
...
[Backport 2.28] Copy buffers in AEAD
2024-02-20 16:07:36 +00:00
26d1c43821
Check output allocated before randomising
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-20 11:26:55 +00:00
3c0c6b1c4b
Conditionally include exit label
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 14:25:08 +00:00
9da359fc65
Add buffer protection to psa_key_derivation_key_agreement
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 14:15:46 +00:00
4304276539
Add buffer protection to psa_raw_key_agreement
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 13:47:08 +00:00
a9cc4cd1cb
Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport
...
[Backport] Add buffer copying to the Key Derivation API
2024-02-15 11:54:28 +00:00
75c8e61ce0
Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28
...
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:28 +00:00
eb77b6f418
Add session config bit for KEEP_PEER_CERTIFICATE
...
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-02-13 18:59:07 +00:00
09cd7dd96a
Merge pull request #8660 from ivq/fix_ecp_comment
...
Fix a comment in ecp
2024-02-13 12:12:10 +00:00
0196f4886a
Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
...
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 17:00:48 +01:00
1a6137bbac
Implement safe buffer copying in asymm. encryption
...
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 13:03:16 +00:00
480347d682
Add mac not NULL check before calling memset
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
301491d70c
Modify allocation in sign_finish
...
Allocate immediately after declaration.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
f298f657c4
Fix code style
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
2bb3a1fa25
Conditionally include exit label
...
...on functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
324f7de1dd
Implement safe buffer copying in MAC API
...
Use buffer local copy macros to implement safe
copy mechanism in MAC API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:20:39 +00:00
cbf0921530
Fix code style
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:51:41 +00:00