GCC 4.6+ complains if a deprecated function calls another.
Working around this universally would require a lot of
preprocessing, this seems to be an easier solution.
Copy mbedtls_pk_error_from_psa code without duplicates
instead of calling the function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Due to a misunderstanding about the purpose of the test, I had limited this to
ECC keys only, however this defeats the purpose of the test, and left gaps in
test coverage.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call
psa_crypto_init() before directly or indirectly calling cipher or PK code
that will use PSA under the hood. Document this explicitly for some
functions.
To avoid clutter, this commit only documents the need to call
psa_crypto_init() in common, non-obvious cases: parsing a public key
directly or via X.509, or setting up an SSL context. Functions that are
normally only called after such a function (for example, using an already
constructed PK object), or where the need for PSA is obvious because they
take a key ID as argument, do not need more explicit documentaion.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Explicitly document that when using TLS 1.3, you must initialize PSA crypto
before starting a handshake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The split of ssl_handle_hs_message_post_handshake() into
ssl_tls12_handle_hs_message_post_handshake() and
ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs.
Add a changelog entry for those bugs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This makes no difference when starting from the default configuration. It
allows tls13-only.h to be used with other base configurations such as `full`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Make sure that not calling get_num_ops() inbetweeen calls to complete() does
not mean that ops get lost (Regression test for previous fix).
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
