Lines Matching refs:not

12 … specification). Legacy crypto, X.509, TLS, or any other function which is not called `psa_xxx` is…
35 …his models an ideal world where the content of input and output buffers is not accessible outside …
58 …s the calculation, leading to an outcome that would not be possible if the intermediate data had n…
60 …badly formatted data into the buffer, so that the private-key operation is not a valid signature (…
62 …are under the attestation application's control, and the final client must not be able to obtain a…
72 …encrypts some data, and lets its clients store the ciphertext. Clients may not have access to the …
74 …vice on behalf of multiple clients, using a single shared key. Clients are not allowed to access e…
84 … This is a security violation if the key policy only allowed the client to encrypt, not to decrypt.
96 …ly with whole-program optimization) may optimize the copy away, if it does not understand that cop…
107 …rcumstances. It is ok to write data that is independent of the inputs (and not otherwise confident…
128 …inst buffers in shared memory. The responsibility shifts to (1) or (2), but this is not documented.
136 …ence, especially with output buffers. However, as of Mbed TLS 3.5.0, it is not done systematically.
138not in shared memory. However, the location of the buffer is not under the control of Mbed TLS. Th…
142 …thm.) It also increases the risk to the ecosystem since some drivers might not protect correctly. …
152 … **small buffers**, the cost of copying is low. For many of those, the risk of not copying is high:
157 …l enough that copying the data is not prohibitive. For example, an RSA key fits in a small buffer.…
162 …* Note that this does not include inputs or outputs that are not processed by an asymmetric primit…
180 (Note that this is about raw byte output, not about cooked key derivation, i.e. deriving a structur…
186 …yption is at risk of [write-write disclosure](#write-write-disclosure) when the tag does not match.
192 * with SIV modes (not yet present in the PSA API, but likely to come one day) (one full pass to cal…
194 …rlapping cases correctly, which is otherwise hard to do portably (C99 does not offer an efficient,…
198 …ed to, since it is supposed to support arbitrary overlap, although this is not always the case in …
202 … at which point the dispatch layer shall copy the input for modes that are not known to be low-ris…
206 …echanism implemented in Mbed TLS 3.5. This is not true for PureEdDSA (`#PSA_ALG_PURE_EDDSA`), whic…
208 …patch layer shall copy the input for algorithms such as PureEdDSA that are not known to be low-ris…
216 * The core (dispatch layer) shall make a copy of the following buffers, so that drivers do not rece…
246 …aviour is preserved by all major compilers then assume that compiler optimization is not a problem.
248 …tile` keyword to force the compiler not to optimize accesses to the copied buffers. If the `volati…
259 * Any complexity needed to prevent the compiler optimizing copies away does not have to be duplicat…
271 …d for performance. Multipart APIs are designed in part for systems that do not have time to perfor…
279 … the intermediate calls to the driver's `update()` returns an error, it is not possible for the dr…
293 …st drivers check that needs-copying arguments are within the library pool, not within the test poo…
316 …is would not be the case if we relied on the library's copy function to do the poisoning: that wou…
323 …ffers only, since it allows us to detect when a poisoned buffer is read but not when it is written.
326 …copy of random data with the original to ensure that the output buffer has not been written direct…
330not use any sanitizers. However, it requires the memory poisoning test hooks to maintain extra cop…
336 > This function is not guaranteed to poison the whole region - it may poison only subregion of [add…
340 … it's remotely possible that this will cause other problems. Valgrind does not appear to have this…
355 …s of parameters passed to the driver, so extra coverage in these parameters does not gain anything.
363 …ieve, the extra coverage and time saved on new tests will be a benefit. If not, writing new tests …
371 * Does not require complex linking against different versions of `malloc()` (as is the case with th…
382not copied, it is important that we validate that the builtin drivers are correctly accessing thei…
399 Checking that a memory location is not accessed more than once may be achieved by using `mprotect()…
405 …includes changing parameters of a syscall that's about to be executed, but not directly cause the …
477 With this complexity in mind it does not seem feasible to run careful-access tests using existing t…
494 …hanisms to bypass the copy and process buffers directly in builds that are not affected by shared …
568 Some PSA functions may not use these convenience functions as they may have local optimizations tha…
616 …passed to PSA functions, it is useful to be able to disable it where it is not needed, to save cod…
618 …put buffers. When `MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS` is set, the macros do not perform copying.
666 The test wrappers are generated by a script, although they are not automatically generated as part …