lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-20 01:02:18 +03:00
Code Activity
18,895 Commits 176 Branches 276 Tags
ae59c5232274df36b1b58dd52eb74cb153829a1a
Commit Graph

7603 Commits

Author SHA1 Message Date
David Horstmann
363db7759a Add config guards to ssl session comment 
Show which members of the session structure are dependent on
configuration options and which aren't.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:11:24 +00:00
Gabor Mezei
ff783e0bda Do not copy the content to the local output buffer with allocation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:46:12 +00:00
Gabor Mezei
8677edda6e Fix buffer protection handling for cipher_generate_iv 
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:24 +00:00
Gabor Mezei
282bb53edc Add buffer protection for cipher_generate_iv and cipher_set_iv 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:44:23 +00:00
Gabor Mezei
ed96d687d7 Move local buffer allocation just before usage 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:50 +00:00
Gabor Mezei
69f680ac9c Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
92905be298 Fix ASAN error for psa_cipher_update 
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:49 +00:00
Gabor Mezei
13a15c2390 Add buffer protection for cipher functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 16:41:03 +00:00
David Horstmann
98397f0bba Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:27:16 +00:00
Signed-off-by: Steven WdV
ffdd957049 Fix compilation on macOS without apple-clang 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-02-29 15:23:01 +01:00
tom-daubney-arm
24d60ad716 Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:43:48 +00:00
David Horstmann
10e44f3fd1 Add missing guards around exit label 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 14:17:49 +00:00
David Horstmann
65bf12ce6b Add buffer copying to psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 18:26:00 +00:00
Gilles Peskine
9721b868a2 Allow null buffers when the length is 0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 12:38:16 +01:00
Gilles Peskine
c2c74b9cef mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error 
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:54:25 +01:00
tom-daubney-arm
8eafe1525d Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-22 15:28:49 +00:00
Thomas Daubney
09cf4f2e78 Decouple if statement in psa_raw_key_agreement exit. 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-22 11:08:22 +00:00
Thomas Daubney
2ea8d8fa3c Revise how output allocation is checked 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 15:16:01 +00:00
Thomas Daubney
0736df33ac Check for output allocation before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 12:28:20 +00:00
David Horstmann
0ce9589e36 Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28 
[Backport 2.28] Copy buffers in AEAD
 2024-02-20 16:07:36 +00:00
Thomas Daubney
26d1c43821 Check output allocated before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-20 11:26:55 +00:00
Thomas Daubney
3c0c6b1c4b Conditionally include exit label 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:25:08 +00:00
Thomas Daubney
9da359fc65 Add buffer protection to psa_key_derivation_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:15:46 +00:00
Thomas Daubney
4304276539 Add buffer protection to psa_raw_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 13:47:08 +00:00
David Horstmann
a9cc4cd1cb Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport 
[Backport] Add buffer copying to the Key Derivation API
 2024-02-15 11:54:28 +00:00
Tom Cosgrove
75c8e61ce0 Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28 
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:28 +00:00
David Horstmann
eb77b6f418 Add session config bit for KEEP_PEER_CERTIFICATE 
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-13 18:59:07 +00:00
Janos Follath
09cd7dd96a Merge pull request #8660 from ivq/fix_ecp_comment 
Fix a comment in ecp
 2024-02-13 12:12:10 +00:00
Gilles Peskine
0196f4886a Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:00:48 +01:00
Thomas Daubney
1a6137bbac Implement safe buffer copying in asymm. encryption 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 13:03:16 +00:00
Thomas Daubney
480347d682 Add mac not NULL check before calling memset 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
301491d70c Modify allocation in sign_finish 
Allocate immediately after declaration.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
f298f657c4 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
2bb3a1fa25 Conditionally include exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
324f7de1dd Implement safe buffer copying in MAC API 
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:20:39 +00:00
Thomas Daubney
cbf0921530 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:51:41 +00:00
Thomas Daubney
5e6b84ae12 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:51:41 +00:00
Thomas Daubney
62cb36a5f2 Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:50:51 +00:00
Ryan Everett
d0d12fb42f Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-12 09:19:29 +00:00
Ryan Everett
6f68206b18 Add buffer copying to psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 16:18:39 +00:00
Ryan Everett
08bd24635d Add buffer copying to psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 16:15:32 +00:00
Chien Wong
b6d57934bc Reduce many unnecessary static memory consumption 
.data section of ssl_client1 becomes 128 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
 2024-02-07 21:48:12 +08:00
Dave Rodgman
5a2e95dcfa Merge pull request #1164 from daverodgman/update-2.28-restricted 2024-02-02 17:45:18 +00:00
Kusumit Ghoderao
bfa27e33ff Fix kdf incorrect initial capacity 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-02-02 19:56:37 +05:30
Ryan Everett
3a4153a768 Conditionally guard exit label to stop unused label error 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
30827915a4 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
e3e760cddb Protect buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
Ryan Everett
6b97025466 Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:50:51 +00:00
David Horstmann
90b94ff85f Allow GCM IV to be NULL if zero-length 
The operation will still return an error, but the assert-based
validation checks will pass. This allows GCM to work with buffer
copies / local inputs, which may be NULL when they are zero-length.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-01 19:38:22 +00:00
Ørjan Malde
670100f475 fix build for midipix 
Signed-off-by: Ørjan Malde <red@foxi.me>
 2024-01-31 14:14:27 +01:00