7fc0751f78
Restore build options for mbedtls_ecc_group_of_psa() and related functions
...
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-06 20:43:46 +01:00
dcf2ff53c8
Ensure files get closed when they go out of scope
...
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-04 20:02:00 +01:00
4a9630a651
Fix typo and align on US spelling
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-04 20:00:29 +01:00
70245bee01
Add ChangeLog entry for fix to mbedtls_md_process() test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-03-04 16:48:49 +00:00
0df1ecd5fd
Fix test_suite_md API violation
...
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227 .
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-03-04 16:48:17 +00:00
77b69ab971
Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-04 14:45:45 +01:00
23d34ce372
Use PSA HMAC API in ssl_cookie_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-04 14:45:45 +01:00
d633201279
Import PSA HMAC key in mbedtls_ssl_cookie_setup()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-04 14:45:18 +01:00
f25b16cadd
test_psa_compliance: update tag to fix-pr-5139-3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-04 14:25:09 +01:00
541318ad70
Refactor ssl_context_info time printing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
554b820747
Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
469fa95cbc
Add the timing test dependency on MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
6056e7af4f
Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
09e803ce0d
Provide a dummy implementation of timing.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
06a00afeec
Fix requirement mismatch in fuzz/common.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
108bf520e0
Add a missing guard for time.h in net_sockets.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
3475b26375
Add a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
61faf665e6
Use $PWD instead of $(pwd) for consistency
...
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-03-04 05:07:45 -05:00
ca53459bed
programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-03-04 05:07:45 -05:00
4e0cc40d0f
programs/fuzz: Use build_info.h in common.h
...
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-03-04 05:07:45 -05:00
5b9cb9e8ca
programs/test: fix build without MBEDTLS_HAVE_TIME
...
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-03-04 05:07:45 -05:00
814c8133c8
tests: add baremetal full config build
...
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.
Signed-off-by: Daniel Axtens <dja@axtens.net >
2022-03-04 05:07:45 -05:00
9ed9bc9377
programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
...
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com >
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net >
2022-03-04 05:07:45 -05:00
446af202f6
tests: prevent inclusion of time.h in baremetal compiles
...
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.
Signed-off-by: Daniel Axtens <dja@axtens.net >
2022-03-04 05:07:45 -05:00
f071024bf8
Do not include time.h without MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net >
2022-03-04 05:07:45 -05:00
09e34b78ee
Add header guard around malloc(0) returning NULL implementation
...
Make it safe to import the config multiple times without having
multiple definition errors.
(This prevents errors in the fuzzers in a later patch.)
Signed-off-by: Daniel Axtens <dja@axtens.net >
2022-03-04 05:07:45 -05:00
bca99ee0ac
Add PSA key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-04 10:20:20 +01:00
3f076dfb6d
Fix comments for conditional compilation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-04 09:36:46 +01:00
e87804920a
Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:54:16 +01:00
b556a42656
Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:52:47 +01:00
f47135756c
Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:52:47 +01:00
0d46786034
Fix style issue in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:52:47 +01:00
f1b564bb8d
Check psa_destroy_key() return in rsa_decrypt_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:52:47 +01:00
18f43c7304
PK: RSA decrypt PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:52:47 +01:00
502da11df1
Initialize PSA crypto in test_suite_pk pk_rsa_decrypt_test_vec() when USE_PSA_CRYPTO is enabled
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:52:47 +01:00
e4edcf761d
Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:46:41 +01:00
ff70f0bf77
Check psa_destroy_key() return in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
edcc73c992
Fix 80 characters indentation in ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
dab14de96a
Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
15021659d1
Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
5874aa38f7
Fix style issue in find_ecdsa_private_key()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
cf5a215a43
Check psa_destroy_key() return in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
5b32038ff0
Alternative CSR checks in x509_csr_check when USE_PSA_CRYPTO
...
The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.
Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
e960690b89
PK: ECDSA signing PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:44:06 +01:00
db69c5213f
Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:41:23 +01:00
66fa769ae8
Fix 80 characters indentation in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:39:39 +01:00
4b1a059f7d
Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:39:39 +01:00
48a9833cdf
Check psa_destroy_key() return in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:39:39 +01:00
e4f28688fd
Fix comment typo in rsa_sign_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:39:39 +01:00
5f8328b2f6
Initialize PSA crypto in test_suite_x509write for RSA signing tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-03 16:39:39 +01:00
