polarssl

mirror of https://github.com/cuberite/polarssl.git synced 2025-09-30 17:09:41 -04:00

Author	SHA1	Message	Date
David Horstmann	bf4ec79085	Make return statuses unique in FREE_LOCAL_OUTPUT() Previously the return from psa_crypto_local_output_free() had a fixed name, which meant that multiple outputs would cause redefinitions of the same variable. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	3e72db4f51	Improve FREE_LOCAL_INPUT() and FREE_LOCAL_OUTPUT() * Set swapped pointers to NULL when the buffers are freed. * Change example name <buffer> to <input> and <output> to reduce confusion. * Document assumptions of FREE_LOCAL_ macros. * Add comment on error case in FREE_LOCAL_OUTPUT(), explaining why it's okay to mask the existing status code. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	b7a5b6ed35	Add comment explaining the purpose of header Explain why we have the wrappers in psa_memory_poisoning_wrappers.h Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	00d7a04b82	Add more information to comment on test hooks Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	bbd44a767f	Add missing license header Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	d596862418	Remove unnecessary include directory from CMake Since psa_crypto.c does not include tests/include/test/memory.h, we do not need the tests/include include path. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	513101b00f	Add MBEDTLS_PSA_COPY_CALLER_BUFFERS config option This allows us to entirely remove copying code, where the convenience macros are used for copying. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	e9a88ab0d5	Use macros to manage buffer copies Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	410823730b	Remove write check in driver wrappers tests This check is intended to ensure that we do not write intermediate results to the shared output buffer. This check will be made obselete by generic memory-poisoning-based testing for all functions. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	e138dce329	Change to use test-hook-based approach Since we are applying hooks transparently to all tests, we cannot setup and teardown test hooks in the tests. Instead we must do this in the test wrappers which are used to pre-poison and unpoison memory. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	c6977b4899	Copy input and output in psa_cipher_encrypt() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	8f35a4f003	Create memory poisoning wrapper for cipher encrypt Use the preprocessor to wrap psa_cipher_encrypt in a wrapper that poisons the input and output buffers. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	38e4e9c499	Add explicit UNPOISON calls to memory tests These are needed to allow them to operate on buffer copies without triggering ASan use-after-poison detection. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	372b8bb6c5	Add memory poisoning hooks Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-11 17:58:56 +00:00
David Horstmann	dbbfdabfd8	Merge pull request #1121 from gilles-peskine-arm/psa-buffers-test-poison Memory poisoning function for Asan	2023-12-11 17:56:13 +00:00
Xiaokang Qian	a9581d2d5f	Fix CI failure of uninitialized fp Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-11 01:50:34 +00:00
Tom Cosgrove	656d4b3c74	Avoid use of `ip_len` as it clashes with a macro in AIX system headers Fixes #8624 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-12-08 21:51:15 +00:00
David Horstmann	e04a97a1eb	Move MPI initialization to start of function This prevents a call to mbedtls_mpi_free() on uninitialized data when USE_PSA_INIT() fails. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-08 18:34:15 +00:00
Paul Elliott	0f60c673f0	Merge pull request #8619 from davidhorstmann-arm/fix-selftest-doublefree Fix potential double-free in calloc selftest	2023-12-08 12:23:13 +00:00
Xiaokang Qian	aedfc0932b	Revert to ae952174a7 and addressing some comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-08 10:43:24 +00:00
Thomas Daubney	f05b768457	Use existing variable containing full path Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-12-08 09:47:48 +00:00
Pengyu Lv	f75893bb36	Update comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 17:40:00 +08:00
Pengyu Lv	d90fbf7769	Adjuest checks in generate_key_rsa suite Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 17:30:33 +08:00
Pengyu Lv	e9efbc2aa5	Error out when get domain_parameters is not supported From time being, domain_parameters could not be extracted from driver. We need to return error to indicate this situation. This is temporary and would be fixed after #6494. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 17:30:26 +08:00
Janos Follath	f7f88d6443	Fix style Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-12-08 08:41:08 +00:00
Janos Follath	8209ff335e	Make local function static Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-12-08 08:41:08 +00:00
Janos Follath	aa5cc7b930	Add Changelog for the Marvin attack fix Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-12-08 08:41:08 +00:00
Pengyu Lv	94a42ccb3e	Add tls13 in ticket flags helper function names ``` sed -i \ "s/\(mbedtls_ssl\)_\(session_\(\w_\)\?ticket\)/\1_tls13_\2/g" \ library/.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 11:12:46 +08:00
Yanray Wang	e9be2a259e	fix-tls13-server-min-version-check.txt: rephrase ChangeLog Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:41 +08:00
Yanray Wang	90acdc65e5	tl13: srv: improve comment Improve comment when received version 1.2 of the protocol while TLS 1.2 is disabled on server side. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:38 +08:00
Yanray Wang	2bef917a3c	tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:35 +08:00
Yanray Wang	177e49ad7a	tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:33 +08:00
Yanray Wang	408ba6f7b8	tls13: srv: replace with internal API to check is_tls12_enabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:30 +08:00
Pengyu Lv	abd844f379	Fix wrong format in the function doc Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	02e72f65da	Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	bc4aab7673	Add "_is_" to functions ssl_tls13_key_exchange_._available Done by command: ``` sed -i \ "s/ssl_tls13_key_exchange_\(.\)_available/ssl_tls13_key_exchange_is_\1_available/g" \ library/*.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	b2cfafbb9e	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	2333b826f4	tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes The function is renamed to `mbedtls_ssl_tls13_is_kex_mode_supported` and the behaviour is reversed. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	0a1ff2b969	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	4f537f73fa	tls13: rename mbedtls_ssl_session_check_ticket_flags The function is renamed to mbedtls_ssl_session_ticket_has_flags. Descriptions are added. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	d72e858fd1	tls13: srv: rename ssl_tls13_ticket_permission_check The function is renamed to ssl_tls13_ticket_is_kex_mode_permitted Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	fc2cb9632b	tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes The function is renamed to mbedtls_ssl_conf_tls13_is_kex_mode_enabled. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	60a22567e4	tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes To keep the convention in TLS code, check functions should return 0 when check is successful. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	981ec14744	tls13: rename ssl_tls13_check_*_key_exchange functions Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Waleed Elmelegy	419f841511	Skip checking on maximum fragment length during handshake MbedTLS currently does not support maximum fragment length during handshake so we skip it for now. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-07 18:33:42 +00:00
David Horstmann	64cd2f21ed	Fix potential double-free in calloc selftest Where calloc returns two references to the same buffer, avoid calling free() on both references by setting one to NULL. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-07 14:26:44 +00:00
Ryan Everett	177a45f556	Small clarifications in documentation Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2023-12-07 11:24:30 +00:00
Manuel Pégourié-Gonnard	b8c4254f44	Update cipher light -> block cipher definition Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-12-07 12:12:39 +01:00
Ryan Everett	204c852442	Move psa-thread-safety.md Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2023-12-07 11:05:37 +00:00
Ryan Everett	1e9733c6a8	Add graph Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2023-12-07 11:05:37 +00:00

... 10 11 12 13 14 ...

29406 Commits