1e23f938cb
Merge pull request #8817 from daverodgman/iar-pk-fix
...
Compiler warning fixes
2024-02-13 16:33:24 +00:00
8fe2e36de5
Merge pull request #8801 from gilles-peskine-arm/sha3-no-table
...
Inline the SHA3 parameters table into a switch
2024-02-13 14:06:44 +00:00
b4cb8bef42
Fix remaining warnings from -Wshorten-64-to-32
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2024-02-13 13:41:16 +00:00
aa74165948
Fix IAR cast warning
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2024-02-13 13:40:26 +00:00
1d33876d37
Fix some preprocessor guards
...
Fix the build in some configurations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 19:07:45 +01:00
fc3d866ad2
mbedtls_pk_import_into_psa: implement and test
...
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.
Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 17:32:44 +01:00
6adbb2a351
Implement safe buffer copying in asymm. encryption
...
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:48:36 +00:00
91ce792253
Fix return code error when locking mutex
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-12 12:17:28 +00:00
03f1ea3624
Change condition on wiping tag buffer
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:07:38 +00:00
1ffc5cb4a5
Modify allocation and buffer wiping in sign_finish
...
Allocate immediately after declaration and only wipe
tag buffer if allocation didn't fail.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:07:38 +00:00
7480a74cba
Fix code style
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:07:38 +00:00
c6705c6cb2
Conditionally include exit label
...
... on MAC functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:07:38 +00:00
8db8d1a83e
Implement safe buffer copying in MAC API
...
Use buffer local copy macros to implement safe
copy mechanism in MAC API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:07:02 +00:00
d2411565ce
Fix code style
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:43:07 +00:00
dedd1006b6
Conditionally include exit label
...
...on hash functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:43:07 +00:00
51ffac9f40
Implement buffer copy code in psa_hash_compare
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:34:02 +00:00
31d8c0bdb4
Make new internal function static
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:34:02 +00:00
1c5118e58c
Implement safe buffer copying in hash API
...
Use local copy buffer macros to implement safe
copy mechanism in hash API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:34:02 +00:00
92fb604139
Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
...
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 11:24:08 +01:00
19f1adfc69
New function mbedtls_rsa_get_bitlen()
...
Document, implement and test mbedtls_rsa_get_bitlen().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 11:23:05 +01:00
e02b63ac89
Merge branch 'Mbed-TLS:development' into threadsafe-key-locking
2024-02-12 10:04:07 +00:00
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping
...
Make key destruction thread safe
2024-02-12 09:37:59 +00:00
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes
...
Add AES encrypted keys support for PKCS5 PBES2
2024-02-10 08:46:18 +00:00
7175d71328
Remove unnecessary setting of status variable
...
The status is guaranteed to be PSA_SUCCESS at these points, so setting
them is redundant.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-02-09 18:20:05 +00:00
a6ac0f1330
Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2024-02-09 17:11:54 +01:00
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-09 15:09:28 +00:00
9dc076b4f4
Fix issue with lock failures returning CORRUPTION_DETECTED
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-09 14:20:09 +00:00
7fee4f7318
Fix mutex unlock error handling in psa_destroy_key
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-09 14:11:27 +00:00
10902c5640
Use NULL for pointer initialization
...
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com >
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com >
2024-02-09 11:14:50 +01:00
a93e25e749
tls12: Fix documentation of TLS 1.2 session serialized data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-09 10:01:30 +01:00
2653e92a57
pem: fix valid data length returned by mbedtls_pem_read_buffer()
...
ctx->buflen now returns the amount of valid data in ctx->buf.
Unencrypted buffers were already ok, but encrypted ones were
used to return the length of the encrypted buffer, not the
unencrypted one.
This commit fix this behavior for encrypted buffers.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-02-09 06:42:18 +01:00
b1f6d2ad6f
asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-02-09 06:42:18 +01:00
9de84bd677
rsa: reject buffers with data outside main SEQUENCE when parsing keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-02-09 06:42:18 +01:00
791fc2e24c
Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-08 14:26:29 +00:00
782667883a
Fix:
...
- Remove unnecessary tests.
- Update description of MBEDTLS_GCM_LARGETABLE parameter.
- Move acceleration defines from gcm.h to gcm.c.
- Remove unnecessary zero setting after shift.
- Fix implementation for big-endian architectures.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2024-02-08 13:59:15 +01:00
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
...
New test thread interface
2024-02-08 12:35:40 +00:00
195c0bc24e
tls: Reset TLS maximum negotiable version
...
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-08 11:54:55 +01:00
a3172d1e96
Inline the SHA3 parameters table into a switch
...
This saves a few bytes of code size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-08 10:47:08 +01:00
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
...
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
...
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem
...
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
5d2e82f0ce
Guard memcpy so that it won't fail on null input pointer
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-07 17:32:16 +00:00
b41c3c9582
Guard the exit to stop unused label warning
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-07 17:32:16 +00:00
da9227de7c
Fix psa_key_derivation_output_bytes
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-07 17:32:16 +00:00
f943e22bb9
Protect key_derivation_output_bytes
...
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-07 17:32:16 +00:00
d1e398c374
Protect psa_key_derivation_input_bytes
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-07 17:32:16 +00:00
1910390b4a
psa_util: improve leading zeros check in convert_der_to_raw_single_int()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-02-07 16:16:58 +01:00
0767fdadbf
Enhance GCM throughput using larger precalculated tables. Also refactored the code for shorter tables and moved the check for available accelerators to the context initialization code.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com >
2024-02-07 13:17:50 +01:00
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030
...
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
57a0957938
Merge pull request #8788 from daverodgman/old-gcc-alignment-bug
...
Change unaligned access method for old gcc
2024-02-07 09:31:45 +00:00
