mbedtls

Author	SHA1	Message	Date
Paul Elliott	88f2eb664f	Remove multiplication from conditional assignments Multiplication is not constant flow on any CPU we are generally targetting, so replace this with bit twiddling. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-03-03 15:31:17 +00:00
Gilles Peskine	9264e01730	Update error codes listed in the net_sockets documentation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-03-03 12:27:17 +01:00
Steven Cooreman	4ff9a29686	Check truncation length explicitly Comparing algorithm with its FULL_LENGTH_MAC version doesn't work in cases where algorithm is a wildcard. Wildcard input is not specified in the documentation of the function, but in order to test the function using the same test as PSA_MAC_LENGTH we're mimicking that behaviour here. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-03 12:07:20 +01:00
Steven Cooreman	58c94d39ae	Make psa_get_mac_output_length testable and test it Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-03 10:37:35 +01:00
Paul Elliott	c48cb80b1f	Prevent false positive CF Test Failures Marked dirty memory ends up in the result buffer after encoding (due to the input having been marked dirty), and then the final comparison to make sure that we got what we expected was triggering the constant flow checker. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-03-02 22:48:40 +00:00
Paul Elliott	c1a895d897	Add further more rigorous tests for base64 Original author was gilles.peskine@arm.com Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-03-02 22:44:37 +00:00
Steven Cooreman	7d4b0d778f	Reuse PSA_MAC_LENGTH in psa_get_mac_output_length Avoid code duplication. Also update the guarantees made by the function doc to match the guarantees given by PSA_MAC_LENGTH. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 21:40:03 +01:00
Steven Cooreman	5a17267442	Add a note about why key_type is required Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 21:40:03 +01:00
Steven Cooreman	1ac5ce3b91	Make psa_key_policy_algorithm_intersection MAC-length aware This makes it more in-line with how psa_key_policy_permits works. It also adds consistency: the intersection of MAC with default length and MAC with exact-length is now computed correctly in case the exact length equals the default length of the algorithm when used with the given key type. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 21:39:26 +01:00
Steven Cooreman	15472f8c70	Clean up psa_mac_setup now that we have an output length calculator Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 21:36:33 +01:00
Steven Cooreman	5ad4bf75e3	Move MAC default length checking into psa_key_policy_permits Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 21:36:33 +01:00
Steven Cooreman	328f11c50e	Language & readability touchups Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 11:44:51 +01:00
Steven Cooreman	e538896ad8	Remove unreferenced static functions when ECP_NO_FALLBACK is used Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-02 10:14:24 +01:00
Ronald Cron	2a0278734b	Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip Add missing test skip for ALT-implemented GCM (#4010 fix-up)	2021-03-02 09:18:41 +01:00
Paul Elliott	0544d49330	Fix Non CF access to table in base64 decrypt Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-03-01 19:15:43 +00:00
Paul Elliott	6e152fa362	Optimise unneccesary cf table accesses away Also fix missed bare access of base_64_dec_map Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-03-01 18:33:09 +00:00
Paul Elliott	717ba77e52	Fix incorrect assumptions about the size of size_t Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-03-01 17:49:42 +00:00
Steven Cooreman	d788fab4ff	Clarify usage of psa_key_policy_permits Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:09:24 +01:00
Steven Cooreman	16a05f5881	Add metadata tests intertwining truncated and at-least-length algos Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:09:24 +01:00
Steven Cooreman	947bb0b06f	Code readability improvements Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:09:24 +01:00
Steven Cooreman	a1d8322f74	Fix typos & copy-paste errors Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:09:24 +01:00
Steven Cooreman	fb9cb92055	Move wildcard-to-exercisable conversion to exercise_key in test suite Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:09:24 +01:00
Steven Cooreman	7e39f05929	Using a wildcard as a specific algorithm now reports invalid argument Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:40 +01:00
Steven Cooreman	ae3f13bf5e	Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:40 +01:00
Steven Cooreman	a96e2410e7	Test _AT_LEAST_THIS_LENGTH macros in the PSA Crypto metadata test suite Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:40 +01:00
Steven Cooreman	2c2efa488b	Fix dependency-setting script and test dependencies for new tests Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:39 +01:00
Steven Cooreman	d927ed7901	Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:39 +01:00
Steven Cooreman	4400c3a44a	Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:39 +01:00
Steven Cooreman	7de9e2db1f	Language / verbiage fixes Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:39 +01:00
Steven Cooreman	aaec341c9b	Exercise CCM with the right amount of IV bytes in test Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:03:39 +01:00
Steven Cooreman	5d81481a1c	Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com> # Conflicts: # include/psa/crypto_values.h # tests/suites/test_suite_psa_crypto.data	2021-03-01 16:00:31 +01:00
Steven Cooreman	caad49316b	rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:00:31 +01:00
Steven Cooreman	37389c768d	Update validity domain of min_tag_length / min_mac_length Review indicated explicit validity domain should be [1, max_alg_length] Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com> # Conflicts: # include/psa/crypto_values.h	2021-03-01 16:00:31 +01:00
Steven Cooreman	0348802247	Remove generic wildcard checks after review feedback Applied specific wildcard checks instead. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com> # Conflicts: # library/psa_crypto.c	2021-03-01 16:00:31 +01:00
Steven Cooreman	ee18b1f5a4	Style and language updates after review Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-03-01 16:00:31 +01:00
Steven Cooreman	b3ce8156ce	Add support for minimum-tag-length AEAD and MAC policies Includes tests. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com> # Conflicts: # include/psa/crypto_values.h # tests/suites/test_suite_psa_crypto.function	2021-03-01 16:00:31 +01:00
gabor-mezei-arm	c6f2480854	Fix documentation Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-03-01 13:57:21 +01:00
gabor-mezei-arm	ceface2247	Add test for ouput buffer size macros Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-03-01 13:57:21 +01:00
Gilles Peskine	34045c1d6a	Merge pull request #4145 from stevew817/fix_return_code Return NOT_SUPPORTED according to the API contract for psa_key_derivation_setup	2021-03-01 13:20:50 +01:00
Gilles Peskine	574cf7b59f	Clarify how a file descriptor could still be more than the limit It can happen if the file descriptor was opened before lowering the limit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-03-01 11:43:56 +01:00
Gilles Peskine	97c57fe439	Fix sloppiness around stricly less-than vs less or equal Fix sloppy wording around stricly less-than vs less or equal in comments. Also fix an off-by-one error in a comparison which led to calling setrlimit if the limit was exactly the minimum required for the test, which was unnecessary but harmless. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-03-01 11:40:56 +01:00
Gilles Peskine	c8dab5b41e	Fix sloppy wording around stricly less-than vs less or equal Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-03-01 11:39:21 +01:00
Gilles Peskine	e28f236b6b	Document FD_SETSIZE limitation for mbedtls_net_{poll,recv_timeout} Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-25 15:56:48 +01:00
Gilles Peskine	ddf4374879	Fix stack buffer overflow in net functions with large file descriptor Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout() when given a file descriptor that is beyond FD_SETSIZE. The bug was due to not checking that the file descriptor is within the range of an fd_set object. Fix #4169 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-25 15:56:48 +01:00
Gilles Peskine	6667a78c9b	Add test for mbedtls_net_poll beyond FD_SETSIZE mbedtls_net_poll() and mbedtls_net_recv_timeout() rely on select(), which represents sets of file descriptors through the fd_set type. This type cannot hold file descriptors larger than FD_SETSIZE. Make sure that these functions identify this failure code. Without a proper range check of the file descriptor in the mbedtls_net_xxx function, this test fails when running with UBSan: ``` net_poll beyond FD_SETSIZE ........................................ source/library/net_sockets.c:482:9: runtime error: index 16 out of bounds for type '__fd_mask [16]' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior source/library/net_sockets.c:482:9 in ``` This is a non-regression test for https://github.com/ARMmbed/mbedtls/issues/4169 . The implementation of this test is specific to Unix-like platforms. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-25 15:56:48 +01:00
Paul Elliott	3e7908189a	Fixes for MSVC warnings Also added a couple of missing comment blocks. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-02-25 12:28:49 +00:00
gabor-mezei-arm	e86bdcaa11	Fix size macros and its documentation Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-02-25 12:28:32 +01:00
gabor-mezei-arm	fbd9f1e683	Add and update macros for output buffer sizes Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-02-25 12:28:32 +01:00
gabor-mezei-arm	ee6bb560a6	Remove out of scope macros Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-02-25 11:51:46 +01:00
gabor-mezei-arm	8809fb64eb	Add and update size macros for ciphers and keys Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-02-25 11:51:46 +01:00

... 2 3 4 5 6 ...

15015 commits