polarssl

mirror of https://github.com/cuberite/polarssl.git synced 2025-09-12 00:26:27 -04:00

Author	SHA1	Message	Date
David Horstmann	b3301390bd	Mention the CVE number that is fixed Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-13 13:36:43 +00:00
David Horstmann	3aff45584b	Reword ChangeLog entry. Specifically: * Fix a grammatical typo * Mention shared memory * Mention overlap support in the security section * Improve wording Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-13 13:36:43 +00:00
David Horstmann	8b4cea2710	Add bugfix section about buffer sharing Mention that arbitrary overlap is now supported, except whenever MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 17:00:37 +00:00
David Horstmann	59c1f53088	Reword ChangeLog entry for shared memory work Specifically: * Clarify that passing shared buffers is now secure by default (not newly supported) * Remove spurious hyphen * Clarify that we do not guarantee copying, but rather guarantee protection, allowing us to implement this differently in future if required. * Mention both protection of inputs from modification and outputs from exposure of intermediate results. * Invert the config option, from an enable-option to a disable-option. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 17:00:37 +00:00
David Horstmann	c14cd0dc12	Add ChangeLog for PSA buffer sharing fix Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-11 17:37:01 +00:00
David Horstmann	479448dbc8	Merge pull request #1182 from tom-daubney-arm/backport_key_agreement_buffer_protection [Backport] Implement safe buffer copying in key agreement	2024-03-11 15:10:51 +00:00
tom-daubney-arm	7c89d1f8de	Merge branch 'mbedtls-2.28-restricted' into backport_key_agreement_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-03-06 17:35:59 +00:00
Thomas Daubney	9d0fe6e8df	Fix issue with large allocation in tests In test_suite_psa_crypto_op_fail.generated.function the function key_agreement_fail was setting the public_key_length variable to SIZE_MAX which meant that a huge allocation was being attempted. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-03-06 17:34:35 +00:00
David Horstmann	81a14e0dfd	Merge pull request #1168 from gabor-mezei-arm/bp228_buffer_protection_for_cipher [Backport] Buffer protection for cipher functions	2024-03-05 18:43:01 +00:00
Gabor Mezei	f3c3504f5a	Fix merge Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-03-04 17:17:51 +01:00
Gábor Mezei	26bbd8dd4e	Merge branch 'mbedtls-2.28-restricted' into bp228_buffer_protection_for_cipher Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>	2024-03-04 15:39:35 +00:00
David Horstmann	126dc1cd52	Merge pull request #1173 from davidhorstmann-arm/generate-random-buffer-protection-backport [Backport 2.28] Add secure buffer copying to `psa_generate_random()`	2024-03-04 13:23:50 +00:00
Gabor Mezei	ff783e0bda	Do not copy the content to the local output buffer with allocation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:46:12 +00:00
Gabor Mezei	7f4b7dd382	Remove write check in driver wrappers tests This check is intended to ensure that we do not write intermediate results to the shared output buffer. This check will be made obselete by generic memory-poisoning-based testing for all functions. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:44:24 +00:00
Gabor Mezei	8677edda6e	Fix buffer protection handling for `cipher_generate_iv` Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing local variable. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:44:24 +00:00
Gabor Mezei	50bcca26b3	Update test wrapper functions for ciper buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:44:23 +00:00
Gabor Mezei	282bb53edc	Add buffer protection for `cipher_generate_iv` and `cipher_set_iv` Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:44:23 +00:00
Gabor Mezei	ed96d687d7	Move local buffer allocation just before usage Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:41:50 +00:00
Gabor Mezei	69f680ac9c	Add `LOCAL_OUTPUT_ALLOC_WITH_COPY` macro if buffer protection is disabled Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:41:49 +00:00
Gabor Mezei	92905be298	Fix ASAN error for `psa_cipher_update` The ASAN gives an error for `psa_cipher_update` when the `input_length` is 0 and the `input` buffer is `NULL`. The root cause of this issue is `mbedtls_cipher_update` always need a valid pointer for the input buffer even if the length is 0. This fix avoids the `mbedtls_cipher_update` to be called if the input buffer length is 0. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:41:49 +00:00
Gabor Mezei	143864c121	Add test wrapper functions for cipher buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:41:49 +00:00
Gabor Mezei	13a15c2390	Add buffer protection for cipher functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 16:41:03 +00:00
David Horstmann	98397f0bba	Merge branch 'mbedtls-2.28-restricted' into generate-random-buffer-protection-backport Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 14:27:16 +00:00
David Horstmann	be49b6b239	Merge pull request #1154 from tom-daubney-arm/backport_asymmetric_encrypt_buffer_protection [Backport] Asymmetric encrypt buffer protection	2024-02-29 14:17:10 +00:00
tom-daubney-arm	24d60ad716	Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-02-28 15:43:48 +00:00
David Horstmann	80de1475a1	Fix incorrect conflict resolution A return statement was missing in the wrapper generation script. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-28 15:16:44 +00:00
David Horstmann	10e44f3fd1	Add missing guards around exit label Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-28 14:17:49 +00:00
David Horstmann	6b01954e09	Merge pull request #1150 from tom-daubney-arm/backport_mac_buffer_protection [Backport] - MAC buffer protection	2024-02-26 19:06:45 +00:00
David Horstmann	4e8215057c	Generate test wrappers for psa_generate_random() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-26 18:26:06 +00:00
David Horstmann	65bf12ce6b	Add buffer copying to psa_generate_random() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-26 18:26:00 +00:00
Thomas Daubney	be060f1e85	Suppress pylint Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-26 13:55:42 +00:00
tom-daubney-arm	8eafe1525d	Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-02-22 15:28:49 +00:00
Thomas Daubney	09cf4f2e78	Decouple if statement in psa_raw_key_agreement exit. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-22 11:08:22 +00:00
Thomas Daubney	2ea8d8fa3c	Revise how output allocation is checked Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-21 15:16:01 +00:00
Thomas Daubney	0736df33ac	Check for output allocation before randomising Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-21 12:28:20 +00:00
David Horstmann	0ce9589e36	Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28 [Backport 2.28] Copy buffers in AEAD	2024-02-20 16:07:36 +00:00
Thomas Daubney	26d1c43821	Check output allocated before randomising Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-20 11:26:55 +00:00
Thomas Daubney	3c0c6b1c4b	Conditionally include exit label Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-15 14:25:08 +00:00
Thomas Daubney	db5d607cb1	Generate test wrappers Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-15 14:18:02 +00:00
Thomas Daubney	9da359fc65	Add buffer protection to psa_key_derivation_key_agreement Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-15 14:15:46 +00:00
Thomas Daubney	4304276539	Add buffer protection to psa_raw_key_agreement Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-15 13:47:08 +00:00
David Horstmann	a9cc4cd1cb	Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport [Backport] Add buffer copying to the Key Derivation API	2024-02-15 11:54:28 +00:00
David Horstmann	a2fd778868	Merge pull request #1148 from tom-daubney-arm/backport_hash_buffer_protection [Backport] - Hash buffer protection	2024-02-13 18:17:57 +00:00
Thomas Daubney	2b614f9dad	Generate all test wrappers One was missed due to typo Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 13:07:48 +00:00
Thomas Daubney	d8adccf45d	Generate test wrappers Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 13:07:43 +00:00
Thomas Daubney	1a6137bbac	Implement safe buffer copying in asymm. encryption Use local copy buffer macros to implement safe copy mechanism in asymmetric encryption API. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 13:03:16 +00:00
Thomas Daubney	480347d682	Add mac not NULL check before calling memset Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:21:46 +00:00
Thomas Daubney	301491d70c	Modify allocation in sign_finish Allocate immediately after declaration. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:21:46 +00:00
Thomas Daubney	f298f657c4	Fix code style Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:21:46 +00:00
Thomas Daubney	2bb3a1fa25	Conditionally include exit label ...on functions where the label was only added due to the modifications required by this PR. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-02-12 12:21:46 +00:00

1 2 3 4 5 ...

18600 Commits