Merge pull request #1196 from davidhorstmann-arm/buffer-sharing-merge
Update development-restricted after buffer-sharing work
diff --git a/ChangeLog.d/tls-max-version-reset.txt b/ChangeLog.d/tls-max-version-reset.txt
index 2fa5816..b7c81eb 100644
--- a/ChangeLog.d/tls-max-version-reset.txt
+++ b/ChangeLog.d/tls-max-version-reset.txt
@@ -4,3 +4,4 @@
An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
+ Fixes CVE-2024-28755.
diff --git a/ChangeLog.d/tls13-only-server.txt b/ChangeLog.d/tls13-only-server.txt
index 9583bfb..736896e 100644
--- a/ChangeLog.d/tls13-only-server.txt
+++ b/ChangeLog.d/tls13-only-server.txt
@@ -8,3 +8,4 @@
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.
+ Fixes CVE-2024-28836.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9d772fc..5ba94c4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -181,23 +181,6 @@
} \
output_copy = LOCAL_OUTPUT_COPY_OF_##output.buffer;
-/* Allocate a copy of the buffer output and set the pointer output_copy to
- * point to the start of the copy.
- *
- * Assumptions:
- * - psa_status_t status exists
- * - An exit label is declared
- * - output is the name of a pointer to the buffer to be copied
- * - LOCAL_OUTPUT_DECLARE(output, output_copy) has previously been called
- */
-#define LOCAL_OUTPUT_ALLOC_WITH_COPY(output, length, output_copy) \
- status = psa_crypto_local_output_alloc_with_copy(output, length, \
- &LOCAL_OUTPUT_COPY_OF_##output); \
- if (status != PSA_SUCCESS) { \
- goto exit; \
- } \
- output_copy = LOCAL_OUTPUT_COPY_OF_##output.buffer;
-
/* Free the local output copy allocated previously by LOCAL_OUTPUT_ALLOC()
* after first copying back its contents to the original buffer.
*
@@ -229,8 +212,6 @@
uint8_t *output_copy_name = NULL;
#define LOCAL_OUTPUT_ALLOC(output, length, output_copy) \
output_copy = output;
-#define LOCAL_OUTPUT_ALLOC_WITH_COPY(output, length, output_copy) \
- output_copy = output;
#define LOCAL_OUTPUT_FREE(output, output_copy) \
output_copy = NULL;
#endif /* MBEDTLS_PSA_COPY_CALLER_BUFFERS */
@@ -7541,7 +7522,7 @@
return status;
}
- LOCAL_INPUT_ALLOC(peer_key_external, peer_key_length, peer_key)
+ LOCAL_INPUT_ALLOC(peer_key_external, peer_key_length, peer_key);
status = psa_key_agreement_internal(operation, step,
slot,
peer_key, peer_key_length);
@@ -8923,39 +8904,6 @@
return PSA_SUCCESS;
}
-psa_status_t psa_crypto_local_output_alloc_with_copy(uint8_t *output, size_t output_len,
- psa_crypto_local_output_t *local_output)
-{
- psa_status_t status;
- *local_output = PSA_CRYPTO_LOCAL_OUTPUT_INIT;
-
- if (output_len == 0) {
- return PSA_SUCCESS;
- }
- local_output->buffer = mbedtls_calloc(output_len, 1);
- if (local_output->buffer == NULL) {
- /* Since we dealt with the zero-length case above, we know that
- * a NULL return value means a failure of allocation. */
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
- local_output->length = output_len;
- local_output->original = output;
-
- status = psa_crypto_copy_input(output, output_len,
- local_output->buffer, local_output->length);
- if (status != PSA_SUCCESS) {
- goto error;
- }
-
- return PSA_SUCCESS;
-
-error:
- mbedtls_free(local_output->buffer);
- local_output->buffer = NULL;
- local_output->length = 0;
- return status;
-}
-
psa_status_t psa_crypto_local_output_free(psa_crypto_local_output_t *local_output)
{
psa_status_t status;
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 4d47594..9462d2e 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -941,25 +941,6 @@
psa_status_t psa_crypto_local_output_alloc(uint8_t *output, size_t output_len,
psa_crypto_local_output_t *local_output);
-/** Allocate a local copy of an output buffer and copy the contents into it.
- *
- * \note This allocates and copies a buffer
- * whose contents will be copied back to the
- * original in a future call to
- * psa_crypto_local_output_free().
- *
- * \param[in] output Pointer to output buffer.
- * \param[in] output_len Length of the output buffer.
- * \param[out] local_output Pointer to a psa_crypto_local_output_t struct to
- * populate with the local output copy.
- * \return #PSA_SUCCESS, if the buffer was successfully
- * copied.
- * \return #PSA_ERROR_INSUFFICIENT_MEMORY, if a copy of
- * the buffer cannot be allocated.
- */
-psa_status_t psa_crypto_local_output_alloc_with_copy(uint8_t *output, size_t output_len,
- psa_crypto_local_output_t *local_output);
-
/** Copy from a local copy of an output buffer back to the original, then
* free the local copy.
*