mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00

Author	SHA1	Message	Date
David Horstmann	730dea31cb	Rewrite incorrect description of psa_exercise_key And clarify our potential use of it as a starting point for writing memory poisoning tests from scratch. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 20:35:35 +01:00
David Horstmann	6c51207602	Add notes about configuration of poisoning tests Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 20:25:14 +01:00
David Horstmann	8f905c289d	Add reference to test hooks in detailed design Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 20:08:38 +01:00
David Horstmann	806055edbf	Refactor note on preferred poison-test approach Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 19:53:30 +01:00
David Horstmann	52df620736	Use ASan for memory poisoning as well as Valgrind Also add information about ASan from Microsoft docs. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 19:49:00 +01:00
David Horstmann	c61ddb2089	Add C language annotation to code block Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 19:18:50 +01:00
David Horstmann	cbf068dbee	Fix broken reference Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 19:03:10 +01:00
David Horstmann	f889e0fa0a	Replace vague 'above' with a reference for ease-of-navigation Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 19:01:21 +01:00
David Horstmann	ded14a2c02	Add example wrapper function implementation Give an example wrapper foir psa_aead_update for the transparent testing option. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 18:58:41 +01:00
David Horstmann	16dac00cb9	Add skeleton of detailed design rewrite In light of choosing Valgrind/ASan over mprotect()-based poisoning, update the detailed design of copy validation. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-23 18:57:01 +01:00
David Horstmann	be868347f4	Rewrite design exploration of copy validation Main changes: * New tests are easier to write than first stated * Use of existing tests is ledd beneficial * But using existing tests is a benefit if it can be done transparently Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-20 19:25:11 +01:00
David Horstmann	51fc6cf378	Explore sanitizers for memory poisoning Consider MSan, ASan and Valgrind as options for implementing memory poisoning tests. Come to the altered conclusion that Valgrind is the best option. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-20 18:40:15 +01:00
David Horstmann	17b3716c5a	Tweak compiler optimization evaluation section * Remove references to the platform - this is unlikely to affect whether copies are optimized. * Note that the evaluation should test extreme optimisation settings. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-20 18:39:14 +01:00
David Horstmann	4e54abf182	Add section on possible use of Valgrind tracing Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-19 17:59:45 +01:00
David Horstmann	05ca3d9a1b	Expand design for validation of careful access Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-19 16:45:37 +01:00
David Horstmann	a72b4ca734	Modify optimize-testing instructions Mention -flto and whole-program optimization as this is the most important aspect. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-19 15:22:15 +01:00
David Horstmann	3f7e42a750	Move implementation by module table earlier Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-19 15:14:50 +01:00
David Horstmann	dae0ad439f	Add more detail in design of memory poisoning Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-19 15:12:34 +01:00
David Horstmann	0bd87f5959	Change unsigned int to uint8_t Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-19 13:45:21 +01:00
David Horstmann	23661cc232	Detailed design of memory protection strategy Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-10-18 18:20:33 +01:00
Gilles Peskine	df62f1a010	Merge pull request #1106 from gilles-peskine-arm/psa-shared-buffers-requirements PSA shared buffers requirements	2023-10-17 20:38:00 +02:00
Gilles Peskine	8ebeb9c180	Test for read-read inconsistency with mprotect and ptrace/gdb Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-16 18:37:02 +02:00
Gilles Peskine	87889ebe86	Fix editorial error with semantic consequences Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-16 15:40:02 +02:00
Gilles Peskine	a3ce6437bf	Typos Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-16 15:39:37 +02:00
Gilles Peskine	1f2802c403	Suggest validating copy by memory poisoning Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 21:49:17 +02:00
Gilles Peskine	6998721c69	Add a section skeleton for copy bypass It's something we're likely to want to do at some point. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 20:05:32 +02:00
Gilles Peskine	7bc1bb65e9	Short explanations of what is expected in the design sections Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 20:05:25 +02:00
Gilles Peskine	35de1f7a7d	Distinguish whole-message signature from other asymmetric cryptography Whole-message signature may process the message multiple times (EdDSA signature does it). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 20:04:16 +02:00
Gilles Peskine	9cad3b3a70	Design change for cipher/AEAD There are many reasons why a driver might violate the security requirements for plaintext or ciphertext buffers, so mandate copying. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 20:03:18 +02:00
Gilles Peskine	2859267a27	Clarify terminology: built-in driver Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 20:02:00 +02:00
Gilles Peskine	db00543b3a	Add a section on write-read feedback It's a security violation, although it's not clear whether it really needs to influence the design. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 19:57:53 +02:00
Gilles Peskine	352095ca86	Simplify the relaxed output-output rule Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 19:56:22 +02:00
Gilles Peskine	60c453ee72	Expand explanations of the vulnerabilities Add a few more examples. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 19:07:56 +02:00
Gilles Peskine	8daedaeac9	Fix typos and copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-13 18:47:29 +02:00
Gilles Peskine	f7806ca782	Analyze requirements for protection of arguments in shared memory Propose a dual-approach strategy where some buffers are copied and others can remain shared. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-12 16:00:11 +02:00
Gilles Peskine	bb5d907aa9	Automatically pick up all Markdown files Assume GNU make. We already do with the toplevel makefile. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-11 20:47:44 +02:00
Gilles Peskine	32743619a2	Merge pull request #8114 from yanesca/threading_requirements_update Refine thread safety requirements	2023-10-09 11:22:59 +00:00
Manuel Pégourié-Gonnard	8c40f3dfad	Formatting fixes Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 11:06:09 +02:00
Manuel Pégourié-Gonnard	140c08e325	Minor clarifications. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 11:02:37 +02:00
Manuel Pégourié-Gonnard	89ae266e5a	Update docs/driver-only-builds.md Latest changes: - logic about the relationship between curves, key types and algs (8075) - building without bignum is no longer "coming soon", it's there :) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard	dfa42b34ab	Improve documentation about driver-only p256-m. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard	789000b2be	Update list of p256-m entry points There was a bit of a race condition between #8041 which introduced the new entry points, and #8203 which documented the list of entry points. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:51:51 +02:00
Dave Rodgman	0fc86b2ddf	Merge pull request #8075 from valeriosetti/issue8016 driver-only ECC: curve acceleration macros	2023-09-27 14:39:02 +00:00
Manuel Pégourié-Gonnard	f7dc6cfef1	Document limitation on "mixed" builds Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-27 10:34:52 +02:00
Xiaokang Qian	db3035b8bc	Fix a typo in psa-crypto-implementation-structure.md Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	76e55a20dd	Change the documenti about psa_crypto_driver_wrappers.c{h} Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	1198e43644	Change the description of auto-generated driver dispatch files Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Xiaokang Qian	845693c513	Change comments to psa_crypto_driver_wrappers.h Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Manuel Pégourié-Gonnard	030f11b0b1	Type fixes and wording improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-24 09:48:47 +02:00
Manuel Pégourié-Gonnard	1f61b7b8ea	Document driver-only hashes Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-24 09:48:46 +02:00

1 2 3 4 5 ...

769 Commits