a4486ceff2
scripts/bump_version.sh: update pkgconfig version
...
Bump the version number in pkgconfig/CMakeLists.txt so the package
config files stay in sync with the project VERSION.
This is Related to:
- aa4862a5ebill.roberts@arm.com >
2024-02-23 09:09:17 -06:00
202a16329d
pkg-config: add initial pkg-config files
...
Add three package config files for mbedtls, mbedcrypto and mbedx509.
Also update various project variables so the generated PC files have the
required data needed without hardcoding it everywhere.
This will help distros package the project following existing
conventsions between a normal and -devel package that includes the
headers and .pc files for pkg-config aware consumers.
This also squashes:
- fff51ceccFixes : #228
Signed-off-by: Bill Roberts <bill.roberts@arm.com >
2024-02-23 09:07:59 -06:00
8eafe1525d
Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection
...
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com >
2024-02-22 15:28:49 +00:00
09cf4f2e78
Decouple if statement in psa_raw_key_agreement exit.
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-22 11:08:22 +00:00
36e6bd6926
Merge pull request #8811 from gilles-peskine-arm/pk_import_into_psa-backports-2.28
...
Backport 2.28: bugs fixed in "Implement mbedtls_pk_import_into_psa"
2024-02-21 15:45:21 +00:00
2ea8d8fa3c
Revise how output allocation is checked
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-21 15:16:01 +00:00
0736df33ac
Check for output allocation before randomising
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-21 12:28:20 +00:00
0ce9589e36
Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28
...
[Backport 2.28] Copy buffers in AEAD
2024-02-20 16:07:36 +00:00
26d1c43821
Check output allocated before randomising
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-20 11:26:55 +00:00
53e5adfca4
Merge pull request #8841 from BensonLiou/use_init_api-228
...
use mbedtls_ssl_session_init() to init session variable
2024-02-19 15:49:29 +00:00
6805ff7892
use mbedtls_ssl_session_init() to init session variable
...
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described
Signed-off-by: Benson Liou <benson.liou@sony.com >
2024-02-17 00:19:10 +08:00
049ea32931
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-15 15:32:47 +01:00
3c0c6b1c4b
Conditionally include exit label
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 14:25:08 +00:00
db5d607cb1
Generate test wrappers
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 14:18:02 +00:00
9da359fc65
Add buffer protection to psa_key_derivation_key_agreement
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 14:15:46 +00:00
4304276539
Add buffer protection to psa_raw_key_agreement
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-15 13:47:08 +00:00
a9cc4cd1cb
Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport
...
[Backport] Add buffer copying to the Key Derivation API
2024-02-15 11:54:28 +00:00
7ebb3c5d01
Add metatests for failing TEST_EQUAL and TEST_LE_*
...
After getting caught with deadlock issues when these tests fail, add a
metatest to test them failing.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2024-02-14 15:07:40 +00:00
039c903e7b
Merge pull request #8818 from forkiee2/mbedtls-2.28
...
Backport 2.28: move entropy init prior arguments number recognition
2024-02-14 13:43:32 +00:00
75c8e61ce0
Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28
...
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:28 +00:00
c609654665
newline at end of changelog file
...
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com >
2024-02-13 22:12:23 +01:00
eb77b6f418
Add session config bit for KEEP_PEER_CERTIFICATE
...
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-02-13 18:59:07 +00:00
a2fd778868
Merge pull request #1148 from tom-daubney-arm/backport_hash_buffer_protection
...
[Backport] - Hash buffer protection
2024-02-13 18:17:57 +00:00
14e4727d0e
fill out missing dot in changelog
...
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com >
2024-02-13 17:09:40 +01:00
7c1cd5ae1c
move entropy init prior arguments number recognition
...
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com >
2024-02-13 16:59:05 +01:00
09cd7dd96a
Merge pull request #8660 from ivq/fix_ecp_comment
...
Fix a comment in ecp
2024-02-13 12:12:10 +00:00
0196f4886a
Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
...
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 17:00:48 +01:00
c89f9ceb41
Don't define pk_sign_verify in configurations where it's unused
...
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:
```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```
This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 14:33:41 +01:00
0af7a90329
depends.py: set unique configuration names in outcome file
...
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.
Fix #7290
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-02-12 14:30:59 +01:00
2b614f9dad
Generate all test wrappers
...
One was missed due to typo
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 13:07:48 +00:00
d8adccf45d
Generate test wrappers
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 13:07:43 +00:00
1a6137bbac
Implement safe buffer copying in asymm. encryption
...
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 13:03:16 +00:00
480347d682
Add mac not NULL check before calling memset
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
301491d70c
Modify allocation in sign_finish
...
Allocate immediately after declaration.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
f298f657c4
Fix code style
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
2bb3a1fa25
Conditionally include exit label
...
...on functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:46 +00:00
6b91503602
Generate test wrappers for MAC functions
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:21:43 +00:00
324f7de1dd
Implement safe buffer copying in MAC API
...
Use buffer local copy macros to implement safe
copy mechanism in MAC API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 12:20:39 +00:00
cbf0921530
Fix code style
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:51:41 +00:00
5e6b84ae12
Conditionally include exit label
...
...on hash functions where the label was only added
due to the modifications required by this PR.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:51:41 +00:00
ebf9329d88
Generate test wrappers for hash functions
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:51:38 +00:00
62cb36a5f2
Implement safe buffer copying in hash API
...
Use local copy buffer macros to implement safe
copy mechanism in hash API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2024-02-12 11:50:51 +00:00
d0d12fb42f
Conditionally guard exit label to deter unused label error
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-12 09:19:29 +00:00
6c9e69d53b
Add key derivation testing wrappers
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-09 16:23:25 +00:00
6f68206b18
Add buffer copying to psa_key_derivation_input_bytes
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-09 16:18:39 +00:00
08bd24635d
Add buffer copying to psa_key_derivation_output_bytes
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com >
2024-02-09 16:15:32 +00:00
ede909f99a
Merge pull request #8798 from ivq/8665-backport
...
Backport 2.28: Reduce many unnecessary static memory consumption
2024-02-07 23:26:24 +00:00
4fc2b9b80f
Merge pull request #1175 from davidhorstmann-arm/cipher-multipart-test-fix-backport
...
[Backport 2.28] Fix a multipart test that overwrites the same buffer twice
2024-02-07 17:18:52 +00:00
b6d57934bc
Reduce many unnecessary static memory consumption
...
.data section of ssl_client1 becomes 128 bytes smaller on AMD64.
Signed-off-by: Chien Wong <m@xv97.com >
2024-02-07 21:48:12 +08:00
856bf3ad09
Merge pull request #8781 from silabs-Kusumit/kdf_incorrect_initial_capacity_backport
...
Backport 2.28: Fix KDF Incorrect Initial Capacity
2024-02-06 17:29:33 +00:00
