lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-23 01:52:40 +03:00
Code Activity
Files
3b380daedbce9fae3e7ed7e84f18e97876e7e6f3
mbedtls/library
History
Gilles Peskine 3b380daedb psa_cipher_finish: treat status and output length as sensitive 
In `psa_cipher_finish()` and in the corresponding function in our built-in
implementation `mbedtls_psa_cipher_finish()`, treat `status` and
`*output_length` as sensitive variables whose value must not leak through a
timing side channel. This is important when doing decryption with unpadding,
where leaking the validity or amount of padding can enable a padding oracle
attack.

With this change, `psa_cipher_finish()` should be constant-time if the
underlying legacy function (including the cipher implementation) is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-08 12:22:39 +02:00
..
.gitignore
Revert "Added generated files"
2025-06-30 18:33:00 +01:00
aes.c
Use optimised counter increment in AES-CTR and CTR-DRBG
2024-01-15 11:45:01 +00:00
aesce.c
Fix remaining warnings from -Wshorten-64-to-32
2024-02-13 13:41:16 +00:00
aesce.h
Merge remote-tracking branch 'origin/development' into msft-aarch64
2023-11-30 11:01:50 +00:00
aesni.c
Add a note about processor memory reordering
2025-06-12 18:30:45 +02:00
aesni.h
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only
2023-11-23 17:43:00 +00:00
alignment.h
Pacify check-names
2024-02-06 15:00:58 +00:00
aria.c
aria: remove leftover in comments
2024-01-30 16:28:09 +01:00
asn1parse.c
pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
2024-02-16 15:26:12 +01:00
asn1write.c
Fix possible UB in mbedtls_asn1_write_raw_buffer()
2025-06-03 11:23:19 +02:00
base64_internal.h
Header updates
2023-11-03 12:21:36 +00:00
base64.c
Improve some explanations
2025-06-11 18:47:31 +02:00
bignum_core_invasive.h
Unit-test mpi_core_div2_mod_odd()
2025-07-18 09:40:14 +02:00
bignum_core.c
Try again to clarify connection with the paper
2025-07-24 12:22:16 +02:00
bignum_core.h
Gracefully handle A_limbs > N_limbs and test it
2025-07-24 11:10:59 +02:00
bignum_internal.h
Update mpi_gcd_invmod_odd() related comments/documentation
2025-08-05 14:33:32 +01:00
bignum_mod_raw_invasive.h
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod_raw.c
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod_raw.h
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod.c
Header updates
2023-11-03 12:21:36 +00:00
bignum_mod.h
Header updates
2023-11-03 12:21:36 +00:00
bignum.c
Merge pull request #1408 from mpg/improve-gcd-3.6
2025-08-13 19:44:57 +01:00
block_cipher_internal.h
block_cipher: add encrypt()
2023-11-10 12:14:53 +01:00
block_cipher.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
bn_mul.h
Header updates
2023-11-03 12:21:36 +00:00
camellia.c
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
ccm.c
ccm.c: Return early when ccm* is used without tag.
2024-08-22 16:39:10 +01:00
chacha20.c
Header updates
2023-11-03 12:21:36 +00:00
chachapoly.c
Header updates
2023-11-03 12:21:36 +00:00
check_crypto_config.h
Header updates
2023-11-03 12:21:36 +00:00
cipher_invasive.h
Switch legacy cipher to constant-time invalid padding reporting
2025-08-08 15:14:47 +02:00
cipher_wrap.c
Constify cipher_wrap:mbedtls_cipher_base_lookup_table
2025-04-18 09:24:36 +02:00
cipher_wrap.h
Constify cipher_wrap:mbedtls_cipher_base_lookup_table
2025-04-18 09:24:36 +02:00
cipher.c
Switch legacy cipher to constant-time invalid padding reporting
2025-08-08 15:14:47 +02:00
cmac.c
Merge branch 'development' into 'development-restricted'
2024-03-19 22:24:40 +00:00
CMakeLists.txt
Version bump 3.6.4
2025-06-25 14:07:55 +01:00
common.h
Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
2025-06-12 11:13:33 +01:00
constant_time_impl.h
Tiny fix in library/constant_time_impl.h
2024-08-06 16:26:41 +01:00
constant_time_internal.h
Header updates
2023-11-03 12:21:36 +00:00
constant_time.c
Remove unused code
2023-12-01 13:53:45 +00:00
ctr_drbg.c
Reorder blocks to avoid double negations
2024-07-17 12:21:21 +02:00
ctr.h
Add header guards
2024-01-17 11:06:31 +00:00
debug_internal.h
debug: move internal functions declarations to an internal header file
2024-01-18 15:30:46 +01:00
debug.c
debug: move internal functions declarations to an internal header file
2024-01-18 15:30:46 +01:00
des.c
Header updates
2023-11-03 12:21:36 +00:00
dhm.c
Use MBEDTLS_GET_UINTxx_BE macro
2023-11-21 17:09:46 +00:00
ecdh.c
echd: Added mbedtls_ecdh_get_grp_id getter.
2024-02-29 13:31:34 +00:00
ecdsa.c
Header updates
2023-11-03 12:21:36 +00:00
ecjpake.c
Use size_t cast for pointer subtractions
2023-11-21 17:09:46 +00:00
ecp_curves_new.c
lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
2024-01-29 12:00:15 +01:00
ecp_curves.c
Merge pull request #8665 from ivq/reduce_static_mem
2024-02-07 23:26:27 +00:00
ecp_internal_alt.h
Header updates
2023-11-03 12:21:36 +00:00
ecp_invasive.h
Header updates
2023-11-03 12:21:36 +00:00
ecp.c
Update tf-psa-crypto/drivers/builtin/src/ecp.c
2025-01-23 15:31:35 +00:00
entropy_poll.c
Fixed issue of redefinition warning messages for _GNU_SOURCE
2024-05-02 14:27:44 +05:30
entropy_poll.h
Header updates
2023-11-03 12:21:36 +00:00
entropy.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
gcm.c
Check gcc version
2024-03-13 09:55:33 +00:00
hkdf.c
Header updates
2023-11-03 12:21:36 +00:00
hmac_drbg.c
Header updates
2023-11-03 12:21:36 +00:00
lmots.c
Built-in lms/lmots driver: Harden public key import against enum truncation
2025-06-04 15:54:46 +01:00
lmots.h
Use standard byte conversion fns in lms
2023-11-21 17:09:46 +00:00
lms.c
lms.c: Updated documentation
2025-06-06 14:35:07 +01:00
Makefile
Revert "Added generated files"
2025-06-30 18:33:00 +01:00
md5.c
Header updates
2023-11-03 12:21:36 +00:00
md_psa.h
md: move PSA conversion functions from md_psa.h to psa_util.h
2024-01-02 13:26:04 +01:00
md_wrap.h
Header updates
2023-11-03 12:21:36 +00:00
md.c
md: fix guards for mbedtls_md_error_from_psa()
2024-05-02 18:18:45 +02:00
memory_buffer_alloc.c
Header updates
2023-11-03 12:21:36 +00:00
mps_common.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_error.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_reader.c
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_reader.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_trace.c
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
mps_trace.h
Fix some non-standard headers
2023-11-03 12:24:58 +00:00
net_sockets.c
Make mbedTLS compile with MS-DOS DJGPP
2024-12-01 10:31:50 +01:00
nist_kw.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
oid.c
Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
2024-02-08 14:26:29 +00:00
padlock.c
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
padlock.h
Header updates
2023-11-03 12:21:36 +00:00
pem.c
Add fix for PEM underflow
2025-06-04 10:06:26 +01:00
pk_ecc.c
pk_ecc: fix documentation
2024-03-11 09:48:40 +01:00
pk_internal.h
pk_ecc: fix documentation
2024-03-11 09:48:40 +01:00
pk_wrap.c
pk_wrap: fix algorithm selection in rsa_opaque_decrypt()
2024-03-20 15:42:55 +01:00
pk_wrap.h
pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C
2023-12-20 12:59:57 +02:00
pk.c
psa: allow to use static key buffers instead of dynamic ones
2024-10-22 13:31:19 +02:00
pkcs5.c
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
2023-12-21 16:39:04 +01:00
pkcs7.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
pkcs12.c
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
2023-12-21 16:39:04 +01:00
pkparse.c
pk: move ECC setters to a separate file
2024-03-11 09:48:40 +01:00
pkwrite.c
pkwrite: fix buffer overrun
2024-10-14 10:37:00 +02:00
pkwrite.h
pkwrite: add new internal symbol for the max supported public key DER length
2024-03-20 17:10:35 +01:00
platform_util.c
Fix typo in platform_util.c
2024-07-11 17:31:22 +03:00
platform.c
Header updates
2023-11-03 12:21:36 +00:00
poly1305.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_aead.c
Don't access psa_key_attributes_t.core
2024-02-28 01:30:24 +01:00
psa_crypto_aead.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_cipher.c
psa_cipher_finish: treat status and output length as sensitive
2025-09-08 12:22:39 +02:00
psa_crypto_cipher.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_client.c
Remove domain parameters from psa_key_attributes_t
2024-02-26 16:57:30 +01:00
psa_crypto_core_common.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_core.h
psa: move definition of psa_can_do_hash() to crypto_extra.h
2025-02-21 15:01:04 +01:00
psa_crypto_driver_wrappers_no_static.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_ecp.c
mbedtls_psa_ecp_generate_key: don't calculate the public key
2024-10-30 12:18:16 +01:00
psa_crypto_ecp.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_ffdh.c
Don't access psa_key_attributes_t.core
2024-02-28 01:30:24 +01:00
psa_crypto_ffdh.h
psa_crypto_ffdh: move dhm.h inclusion to c file
2024-01-26 09:35:18 +01:00
psa_crypto_hash.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_hash.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_invasive.h
Change to use test-hook-based approach
2023-12-11 17:58:56 +00:00
psa_crypto_its.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_mac.c
Grammar in comments
2025-05-13 11:53:31 +02:00
psa_crypto_mac.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_pake.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_pake.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_random_impl.h
Force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE based on CTR_DRBG
2024-07-25 18:24:59 +02:00
psa_crypto_rsa.c
Free allocated memory where methods were returning without freeing
2024-08-19 11:50:10 +01:00
psa_crypto_rsa.h
Documentation improvements
2024-08-06 13:13:05 +02:00
psa_crypto_se.c
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_se.h
Header updates
2023-11-03 12:21:36 +00:00
psa_crypto_slot_management.c
fix: additional MSVC v142 build issue with tls1.3 configuration enabled.
2025-06-18 10:13:54 +02:00
psa_crypto_slot_management.h
Clarify some internal documentation
2024-08-09 14:04:46 +02:00
psa_crypto_storage.c
Switch key slots to psa_key_attributes_t
2024-02-28 01:30:24 +01:00
psa_crypto_storage.h
psa: move default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
2024-10-22 13:31:19 +02:00
psa_crypto.c
psa_cipher_finish: treat status and output length as sensitive
2025-09-08 12:22:39 +02:00
psa_its_file.c
Use MBEDTLS_GET_UINTxx_BE macro
2023-11-21 17:09:46 +00:00
psa_util_internal.h
psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT
2024-02-29 16:14:29 +01:00
psa_util.c
mbedtls_ecdsa_raw_to_der and mbedtls_ecdsa_der_to_raw: reject bits==0
2024-10-28 10:09:18 +01:00
ripemd160.c
Header updates
2023-11-03 12:21:36 +00:00
rsa_alt_helpers.c
Header updates
2023-11-03 12:21:36 +00:00
rsa_alt_helpers.h
rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()
2023-12-20 12:59:57 +02:00
rsa_internal.h
rsa_internal: fix documentation for mbedtls_rsa_parse_key()
2024-02-05 08:48:39 +01:00
rsa.c
Add header for mbedtls_mpi_exp_mod_unsafe()
2024-08-22 15:00:09 +01:00
sha1.c
Header updates
2023-11-03 12:21:36 +00:00
sha3.c
Merge pull request #8822 from daverodgman/sha3-perf
2024-03-12 13:14:40 +00:00
sha256.c
Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally
2024-08-14 15:22:37 -07:00
sha512.c
Support SHA-512 hwcap detection on old libc
2024-01-30 15:31:42 +00:00
ssl_cache.c
Header updates
2023-11-03 12:21:36 +00:00
ssl_ciphersuites_internal.h
ssl_ciphersuites: move internal functions declarations to a private header
2024-01-18 15:08:28 +01:00
ssl_ciphersuites.c
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
2024-01-02 13:27:32 +01:00
ssl_client.c
Access ssl->hostname through abstractions
2025-02-13 21:24:01 +01:00
ssl_client.h
Header updates
2023-11-03 12:21:36 +00:00
ssl_cookie.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
ssl_debug_helpers.h
tls13: cli: Split early data user status and internal state
2024-03-12 17:48:15 +01:00
ssl_misc.h
Fix #endif comment
2025-04-16 11:20:50 +02:00
ssl_msg.c
Fixed some minor typos in comments.
2025-06-19 15:15:30 +01:00
ssl_ticket.c
Fix NULL argument handling in mbedtls_xxx_free() functions
2024-03-22 14:46:04 -04:00
ssl_tls12_client.c
Fixed some minor typos in comments.
2025-06-19 15:15:30 +01:00
ssl_tls12_server.c
Always call mbedtls_ssl_handshake_set_state
2025-04-01 10:39:04 +02:00
ssl_tls13_client.c
Added debug print in tls13 ssl_tls13_write_key_share_ext
2024-12-09 20:16:48 +01:00
ssl_tls13_generic.c
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr
2024-08-28 20:48:27 +01:00
ssl_tls13_invasive.h
Header updates
2023-11-03 12:21:36 +00:00
ssl_tls13_keys.c
Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
2025-06-12 11:13:33 +01:00
ssl_tls13_keys.h
Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
2025-06-12 11:13:33 +01:00
ssl_tls13_server.c
Reduce the level of logging used in tests
2025-03-14 09:21:59 +01:00
ssl_tls.c
Mark ssl_tls12_preset_suiteb_sig_algs const
2025-05-19 20:48:13 +01:00
threading.c
Update references to test helpers
2024-11-14 14:19:40 +00:00
timing.c
Header updates
2023-11-03 12:21:36 +00:00
version.c
Header updates
2023-11-03 12:21:36 +00:00
x509_create.c
Fix undocumented free() in x509_string_to_names()
2025-05-05 16:44:18 +02:00
x509_crl.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
x509_crt.c
Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally
2024-08-14 15:22:37 -07:00
x509_csr.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
x509_internal.h
Un-unrestore mbedtls_x509_string_to_names()
2024-02-26 13:59:43 +00:00
x509.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00
x509write_crt.c
Restore behaviour of mbedtls_x509write_set_foo_name()
2025-05-05 16:49:45 +02:00
x509write_csr.c
Restore behaviour of mbedtls_x509write_set_foo_name()
2025-05-05 16:49:45 +02:00
x509write.c
x509: move internal functions declarations to a private header
2024-01-19 09:07:35 +01:00