lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity
18,772 Commits 174 Branches 272 Tags
91773db3315f07d3a162bb997b650db767bb830e
Commit Graph

18772 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
4fef9337a9 Merge pull request #1189 from davidhorstmann-arm/buffer-sharing-merge-2.28 
Update mbedtls-2.28-restricted after buffer sharing work completion
 2024-03-12 11:36:14 +01:00
David Horstmann
c14cd0dc12 Add ChangeLog for PSA buffer sharing fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-11 17:37:01 +00:00
David Horstmann
f06494dc9e Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28 2024-03-11 16:28:50 +00:00
David Horstmann
479448dbc8 Merge pull request #1182 from tom-daubney-arm/backport_key_agreement_buffer_protection 
[Backport] Implement safe buffer copying in key agreement
 2024-03-11 15:10:51 +00:00
Dave Rodgman
b75b47563a Avoid recursion for relative paths 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-07 17:26:16 +00:00
Dave Rodgman
ec84093ae6 Follow-up for less verbose logging 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-07 17:26:16 +00:00
Mingjie Shen
cfe1be3bee ssl_mail_client: Fix unbounded write of sprintf() 
These calls to sprintf may overflow buf because opt.mail_from and opt.mail_to
are controlled by users. Fix by replacing sprintf with snprintf.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-03-06 22:28:52 +00:00
tom-daubney-arm
7c89d1f8de Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-03-06 17:35:59 +00:00
Thomas Daubney
9d0fe6e8df Fix issue with large allocation in tests 
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-03-06 17:34:35 +00:00
David Horstmann
81a14e0dfd Merge pull request #1168 from gabor-mezei-arm/bp228_buffer_protection_for_cipher 
[Backport] Buffer protection for cipher functions
 2024-03-05 18:43:01 +00:00
Gilles Peskine
5bc604f33c Merge pull request #8873 from daverodgman/quietbuild-2.28 
Make builds less verbose - 2.28 backport
 2024-03-05 18:04:11 +00:00
Gilles Peskine
a19f6bfcad Merge pull request #8823 from davidhorstmann-arm/fix-config-bitflag-2.28 
[Backport 2.28] Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
 2024-03-05 13:17:43 +00:00
David Horstmann
fc8cacf9a2 Add missing config guards in comment 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-05 10:46:26 +00:00
Gabor Mezei
f3c3504f5a Fix merge 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-03-04 17:17:51 +01:00
Gábor Mezei
26bbd8dd4e Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
 2024-03-04 15:39:35 +00:00
David Horstmann
126dc1cd52 Merge pull request #1173 from davidhorstmann-arm/generate-random-buffer-protection-backport 
[Backport 2.28] Add secure buffer copying to `psa_generate_random()`
 2024-03-04 13:23:50 +00:00
Biswapriyo Nath
5e5056d6ab cmake: Use GnuInstallDirs to customize install directories 
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
 2024-03-01 12:05:00 -06:00
Dave Rodgman
dff18da29a fix zlib test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-01 15:53:52 +00:00
David Horstmann
f5a6fa2e4a Fix code style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:31:35 +00:00
David Horstmann
ec8a5b175e Add ChangeLog entry for ssl serialization bitflags 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:19:00 +00:00
David Horstmann
11def97472 Fix naming inconsistencies in config bits 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:15:56 +00:00
David Horstmann
363db7759a Add config guards to ssl session comment 
Show which members of the session structure are dependent on
configuration options and which aren't.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:11:24 +00:00
Dave Rodgman
e264a7dcd1 Fix generate_visualc_files.pl 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 21:22:59 +00:00
Dave Rodgman
422f9bcea0 Fix formatting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 18:42:07 +00:00
Gabor Mezei
ff783e0bda Do not copy the content to the local output buffer with allocation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:46:12 +00:00
Gabor Mezei
7f4b7dd382 Remove write check in driver wrappers tests 
This check is intended to ensure that we do not write intermediate
results to the shared output buffer. This check will be made obselete
by generic memory-poisoning-based testing for all functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:24 +00:00
Gabor Mezei
8677edda6e Fix buffer protection handling for cipher_generate_iv 
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:24 +00:00
Gabor Mezei
50bcca26b3 Update test wrapper functions for ciper buffer protection 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:23 +00:00
Gabor Mezei
282bb53edc Add buffer protection for cipher_generate_iv and cipher_set_iv 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:23 +00:00
Gabor Mezei
ed96d687d7 Move local buffer allocation just before usage 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:50 +00:00
Gabor Mezei
69f680ac9c Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
92905be298 Fix ASAN error for psa_cipher_update 
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
143864c121 Add test wrapper functions for cipher buffer protection 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
13a15c2390 Add buffer protection for cipher functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:03 +00:00
Dave Rodgman
9f1003b381 blank line for readability 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 15:01:29 +00:00
Dave Rodgman
7a659102f5 Use export to set VERBOSE_LOGS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:59:40 +00:00
David Horstmann
98397f0bba Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:27:16 +00:00
Signed-off-by: Steven WdV
ffdd957049 Fix compilation on macOS without apple-clang 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-02-29 15:23:01 +01:00
David Horstmann
be49b6b239 Merge pull request #1154 from tom-daubney-arm/backport_asymmetric_encrypt_buffer_protection 
[Backport] Asymmetric encrypt buffer protection
 2024-02-29 14:17:10 +00:00
Dave Rodgman
f4aa1ce006 Fix docs 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:14:53 +00:00
Dave Rodgman
c2a27492bc simplify printf call 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:13:35 +00:00
Dave Rodgman
b93ae3b453 improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
03b232ae4e Add editor hint for emacs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
7c84471ed7 Rename quiet to quiet.sh 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
04e0f41f08 Send printed command to stderr 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
cdf57d1ddc remove trailing space from printed command 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
f57529903d Improve simplified quoting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
a8e671d7bb remove shebang from quiet 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
043325d191 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00
Dave Rodgman
6122cb1013 Quote directory name from cmake wrapper 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:11:50 +00:00