1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Commit Graph

7617 Commits

Author SHA1 Message Date
5bada225eb Update generated files with inverted option
Achieved by running:

tests/scripts/check-generated-files.sh -u

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-14 11:21:34 +00:00
4201533196 Invert and rename config option
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-14 11:17:56 +00:00
28fe6654d8 Remove LOCAL_OUTPUT_ALLOC_WITH_COPY
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-12 17:54:55 +00:00
ca92831a60 Add missing semicolon
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-12 17:53:30 +00:00
40895498b7 Merge pull request #8851 from billatarm/mbedtls-2.28-add-pc-files
Mbedtls 2.28 add pc files
2024-03-12 11:30:30 +00:00
f06494dc9e Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28 2024-03-11 16:28:50 +00:00
7c89d1f8de Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 17:35:59 +00:00
a19f6bfcad Merge pull request #8823 from davidhorstmann-arm/fix-config-bitflag-2.28
[Backport 2.28] Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
2024-03-05 13:17:43 +00:00
fc8cacf9a2 Add missing config guards in comment
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-05 10:46:26 +00:00
f3c3504f5a Fix merge
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-03-04 17:17:51 +01:00
26bbd8dd4e Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:39:35 +00:00
5e5056d6ab cmake: Use GnuInstallDirs to customize install directories
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2024-03-01 12:05:00 -06:00
f5a6fa2e4a Fix code style
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:31:35 +00:00
11def97472 Fix naming inconsistencies in config bits
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:15:56 +00:00
363db7759a Add config guards to ssl session comment
Show which members of the session structure are dependent on
configuration options and which aren't.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:11:24 +00:00
ff783e0bda Do not copy the content to the local output buffer with allocation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:46:12 +00:00
8677edda6e Fix buffer protection handling for cipher_generate_iv
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:44:24 +00:00
282bb53edc Add buffer protection for cipher_generate_iv and cipher_set_iv
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:44:23 +00:00
ed96d687d7 Move local buffer allocation just before usage
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:41:50 +00:00
69f680ac9c Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:41:49 +00:00
92905be298 Fix ASAN error for psa_cipher_update
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:41:49 +00:00
13a15c2390 Add buffer protection for cipher functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 16:41:03 +00:00
98397f0bba Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 14:27:16 +00:00
ffdd957049 Fix compilation on macOS without apple-clang
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
2024-02-29 15:23:01 +01:00
24d60ad716 Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-28 15:43:48 +00:00
10e44f3fd1 Add missing guards around exit label
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-28 14:17:49 +00:00
65bf12ce6b Add buffer copying to psa_generate_random()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-26 18:26:00 +00:00
9721b868a2 Allow null buffers when the length is 0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-26 12:38:16 +01:00
c2c74b9cef mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-26 08:54:25 +01:00
8eafe1525d Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-22 15:28:49 +00:00
09cf4f2e78 Decouple if statement in psa_raw_key_agreement exit.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-22 11:08:22 +00:00
2ea8d8fa3c Revise how output allocation is checked
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-21 15:16:01 +00:00
0736df33ac Check for output allocation before randomising
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-21 12:28:20 +00:00
0ce9589e36 Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28
[Backport 2.28] Copy buffers in AEAD
2024-02-20 16:07:36 +00:00
26d1c43821 Check output allocated before randomising
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-20 11:26:55 +00:00
3c0c6b1c4b Conditionally include exit label
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 14:25:08 +00:00
9da359fc65 Add buffer protection to psa_key_derivation_key_agreement
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 14:15:46 +00:00
4304276539 Add buffer protection to psa_raw_key_agreement
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 13:47:08 +00:00
a9cc4cd1cb Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport
[Backport] Add buffer copying to the Key Derivation API
2024-02-15 11:54:28 +00:00
75c8e61ce0 Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:28 +00:00
eb77b6f418 Add session config bit for KEEP_PEER_CERTIFICATE
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-13 18:59:07 +00:00
09cd7dd96a Merge pull request #8660 from ivq/fix_ecp_comment
Fix a comment in ecp
2024-02-13 12:12:10 +00:00
0196f4886a Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:00:48 +01:00
1a6137bbac Implement safe buffer copying in asymm. encryption
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 13:03:16 +00:00
480347d682 Add mac not NULL check before calling memset
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:21:46 +00:00
301491d70c Modify allocation in sign_finish
Allocate immediately after declaration.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:21:46 +00:00
f298f657c4 Fix code style
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:21:46 +00:00
2bb3a1fa25 Conditionally include exit label
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:21:46 +00:00
324f7de1dd Implement safe buffer copying in MAC API
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:20:39 +00:00
cbf0921530 Fix code style
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:51:41 +00:00