ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-30 09:42:32 +08:00
Code Issues Releases Wiki Activity
mbedtls/library
History
Gilles Peskine a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration 
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
..
.gitignore
aes.c
Merge pull request #3823 from gabor-mezei-arm/3818_MBEDTLS_AES_SETKEY_DEC_ALT_excludes_MBEDTLS_CIPHER_MODE_XTS
2020-11-09 20:44:08 +01:00
aesni.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
arc4.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
aria.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
asn1parse.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
asn1write.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
base64.c
Code style fixups
2021-03-04 14:34:50 +00:00
bignum.c
mbedtls_mpi_sub_abs: fix buffer overflow in error case
2021-02-01 17:28:03 +01:00
blowfish.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
camellia.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ccm.c
Fix additional data length field check for CCM
2020-10-08 12:09:44 +02:00
certs.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
chacha20.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
chachapoly.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
check_crypto_config.h
Minor updates to address review comments
2020-11-30 21:06:05 -08:00
cipher_wrap.c
Do not set IV size for ECB mode ciphers
2020-11-06 09:40:21 +01:00
cipher.c
Fix unused param warnings in auth_xxcrypt_ext()
2020-12-07 10:42:21 +01:00
cmac.c
Update comment to only apply to AES-192
2021-01-29 11:09:50 +01:00
CMakeLists.txt
Merge pull request #4157 from stevew817/dispatch_hash_operations
2021-03-17 21:50:00 +01:00
common.h
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ctr_drbg.c
Document mutex invariant for CTR_DRBG
2021-02-22 19:24:03 +01:00
debug.c
Declare mbedtls_debug_print_msg as printf-like
2021-03-10 17:00:32 +00:00
des.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
dhm.c
Merge development into development-restricted
2020-08-20 11:07:12 +01:00
ecdh.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ecdsa.c
Fix unused argument when compiling with MBEDTLS_ECDSA_SIGN_ALT
2021-02-10 17:07:20 +01:00
ecjpake.c
Skip tests requiring known entropy for ECJPAKE ALT implementations
2021-01-22 14:23:08 +01:00
ecp_curves.c
Fix uncaught error if fix_negative fails
2020-12-06 22:32:02 +01:00
ecp.c
Remove unreferenced static functions when ECP_NO_FALLBACK is used
2021-03-02 10:14:24 +01:00
entropy_poll.c
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
2021-02-22 14:47:29 +00:00
entropy.c
Make entropy double-free work
2021-02-23 11:27:03 +01:00
error.c
Simplify conditional guards in error.c
2020-11-16 15:02:16 +01:00
gcm.c
Allow GCM selftest to skip non-12-byte IVs for ALT implementations
2021-02-10 15:34:52 +01:00
havege.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
hkdf.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
hmac_drbg.c
Document mutex invariant for HMAC_DRBG
2021-02-22 19:24:03 +01:00
Makefile
Merge pull request #4157 from stevew817/dispatch_hash_operations
2021-03-17 21:50:00 +01:00
md2.c
Merge branch 'development' into development-restricted
2020-12-03 09:59:42 +01:00
md4.c
Merge branch 'development' into development-restricted
2020-12-03 09:59:42 +01:00
md5.c
Merge branch 'development' into development-restricted
2020-12-03 09:59:42 +01:00
md.c
Fix wrong \file name in Doxygen comments
2021-02-23 20:29:38 +01:00
memory_buffer_alloc.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
net_sockets.c
Fix sloppy wording around stricly less-than vs less or equal
2021-03-01 11:39:21 +01:00
nist_kw.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
oid.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
padlock.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
pem.c
Remove Extraneous bytes from buffer post pem write
2020-12-07 17:29:42 +00:00
pk_wrap.c
psa: Move from key handle to key identifier
2020-11-10 16:00:41 +01:00
pk.c
psa: Move from key handle to key identifier
2020-11-10 16:00:41 +01:00
pkcs5.c
Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data
2020-09-18 16:20:13 +02:00
pkcs11.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
pkcs12.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
pkparse.c
fix return code
2020-09-22 11:57:16 +02:00
pkwrite.c
adding parentheses to macro definitions, to avoid confusion and possible mistakes in usage.
2021-02-01 14:26:08 +01:00
platform_util.c
Fixes two _POSIX_C_SOURCE typos.
2020-11-13 09:20:18 +00:00
platform.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
poly1305.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_client.c
psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
2021-02-09 15:36:08 +01:00
psa_crypto_core.h
Move mbedtls_md_info_from_psa into the mbedtls hash driver
2021-03-15 12:14:40 +01:00
psa_crypto_driver_wrappers.c
Simplify compilation guards around hash driver testing
2021-03-16 11:07:55 +01:00
psa_crypto_driver_wrappers.h
Change the way driver context structures are used
2021-03-10 13:00:25 +01:00
psa_crypto_ecp.c
Move mbedtls_md_info_from_psa into the mbedtls hash driver
2021-03-15 12:14:40 +01:00
psa_crypto_ecp.h
psa: Rework ECDSA sign/verify support in the transparent test driver
2021-02-18 15:45:12 +01:00
psa_crypto_hash.c
Simplify compilation guards around hash driver testing
2021-03-16 11:07:55 +01:00
psa_crypto_hash.h
Move mbedtls_md_info_from_psa into the mbedtls hash driver
2021-03-15 12:14:40 +01:00
psa_crypto_invasive.h
Rework MAC algorithm / key type validation
2021-03-03 19:58:02 +01:00
psa_crypto_its.h
Update documentation
2020-11-25 13:10:50 +01:00
psa_crypto_random_impl.h
Work around MSVC bug with duplicate static declarations
2021-02-16 18:55:05 +01:00
psa_crypto_rsa.c
Move mbedtls_md_info_from_psa into the mbedtls hash driver
2021-03-15 12:14:40 +01:00
psa_crypto_rsa.h
psa: Add RSA sign/verify hash support to the transparent test driver
2021-02-18 15:45:06 +01:00
psa_crypto_se.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_se.h
Update documentation
2020-11-25 13:10:50 +01:00
psa_crypto_service_integration.h
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
psa_crypto_slot_management.c
Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
2021-02-15 14:26:44 +01:00
psa_crypto_slot_management.h
Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
2021-02-15 14:26:44 +01:00
psa_crypto_storage.c
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
2021-02-03 20:54:46 +01:00
psa_crypto_storage.h
Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
2021-02-15 14:26:44 +01:00
psa_crypto.c
PSA: Reject curves that are not enabled in the PSA configuration
2021-03-23 13:12:34 +01:00
psa_its_file.c
Correct fix for potential truncation
2021-03-10 17:00:32 +00:00
ripemd160.c
Merge branch 'development' into development-restricted
2020-12-03 09:59:42 +01:00
rsa_internal.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
rsa.c
Fix mutex leak in RSA
2021-02-22 19:24:03 +01:00
sha1.c
Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data
2020-09-18 16:20:13 +02:00
sha256.c
Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data
2020-09-18 16:20:13 +02:00
sha512.c
Merge branch 'development' into development-restricted
2020-12-03 09:59:42 +01:00
ssl_cache.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ssl_ciphersuites.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ssl_cli.c
Fix size_t and longlong specifiers for MinGW
2021-03-10 17:00:32 +00:00
ssl_cookie.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
ssl_invasive.h
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
2020-08-25 14:35:55 +01:00
ssl_msg.c
Fix size_t and longlong specifiers for MinGW
2021-03-10 17:00:32 +00:00
ssl_srv.c
Fix size_t and longlong specifiers for MinGW
2021-03-10 17:00:32 +00:00
ssl_ticket.c
Stop using deprecated functions in the library
2020-12-03 12:25:10 +01:00
ssl_tls13_keys.c
Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
2020-09-16 09:50:17 +01:00
ssl_tls13_keys.h
Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
2020-09-16 09:50:17 +01:00
ssl_tls.c
Fix missed size_t printf
2021-03-10 18:17:12 +00:00
threading.c
Explain the usage of is_valid in pthread mutexes
2021-02-22 19:24:03 +01:00
timing.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
version_features.c
Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option
2021-02-01 13:16:01 +01:00
version.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509_create.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509_crl.c
Merge development into development-restricted
2020-08-20 11:07:12 +01:00
x509_crt.c
Fix memsan build with clang 11
2021-03-05 14:24:03 +00:00
x509_csr.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
x509.c
x509.c: Remove one unnecessary cast
2020-09-01 11:04:53 +02:00
x509write_crt.c
Mark basic constraints critical as appropriate.
2020-09-21 18:25:35 -07:00
x509write_csr.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00
xtea.c
Update copyright notices to use Linux Foundation guidance
2020-08-19 10:35:41 +02:00