Commit graph

6860 commits

Author SHA1 Message Date
Gilles Peskine
c537aa83f4 CAMELLIA: add missing context init/free
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:23:10 +02:00
Gilles Peskine
be89fea1a7 ARIA: add missing context init/free
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:23:10 +02:00
Janos Follath
7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0
Add session ID as an explicit parameter to SSL session cache API
2021-05-21 09:28:55 +01:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive
Modify config option for SHA384.
2021-05-21 08:04:33 +02:00
Gilles Peskine
e913174c8a
Merge pull request #4543 from gilles-peskine-arm/undefined-reference-3.0
Fix missing compilation guard around psa_crypto_driver_wrappers.c
2021-05-20 17:20:31 +02:00
Gilles Peskine
3248be4b3a
Merge pull request #4462 from netfoundry/gcc11.fixes
build with gcc11
2021-05-20 15:54:23 +02:00
Gilles Peskine
f4c1d58607
Merge pull request #4453 from facchinm/crt_in_filesystem_mbed_os
mbed-os: allow storing certificates in filesystem
2021-05-20 15:53:47 +02:00
Ronald Cron
49fef37ebf
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length
GCM: allow arbitrary lengths for update
Only the ABI-API-checking job failed and this is expected thus good to go.
2021-05-20 15:08:55 +02:00
Mateusz Starzyk
17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
2021-05-20 14:18:12 +02:00
Gilles Peskine
eb30b0cc39 Merge remote-tracking branch 'upstream-public/development' into no-generated-files-3.0
Conflicts: generated files that are removed in this branch and have
changed in development. Resolved by keeping the files removed.
2021-05-20 10:40:48 +02:00
Gilles Peskine
1411c7c0d6 Don't make configuration-independent files depend on config.h
Don't regenerate configuration-independent files when config.h or
crypto_config.h changes. These files only depend on the set of symbols
present in the headers and not on which symbols are enabled. To avoid
rebuilding the generated files whenever the configuration changes,
don't declare the configuration as a dependency.

In the rare event that a maintainer makes an edit to *config.h that
affects the generated files, they'll have to remove the generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
b5e08637ad Ignore generated source files that are no longer checked in
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Manuel Pégourié-Gonnard
729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
2021-05-20 09:19:55 +02:00
Gilles Peskine
1905a24488 Fix missing compilation guard around psa_crypto_driver_wrappers.c
Fix #4411.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 21:06:01 +02:00
Shawn Carey
aa13e93941 avoid "maybe-uninitialized" and "free-nonheap-object" errors/warnings with gcc11
Signed-off-by: Shawn Carey <shawn.carey@netfoundry.io>
2021-05-19 11:31:37 -04:00
Mateusz Starzyk
c6d94aba50 Fix remaining SHA384 dependencies and ifdef blocks.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 16:23:47 +02:00
Manuel Pégourié-Gonnard
2213871654
Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING
Remove  ssl record checking
2021-05-19 13:57:51 +02:00
Dave Rodgman
9cf91affa2
Merge pull request #4536 from daverodgman/padlock-docs-fix
Fix docs for mbedtls_padlock_has_support
2021-05-19 12:12:14 +01:00
Ronald Cron
0e3ec27598
Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512
Change sha256 and sha512 output type from an array to a pointer
2021-05-19 12:37:17 +02:00
Mateusz Starzyk
3ea8e2d5ad Restore alphabetical order of SHA definitions
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 11:38:01 +02:00
Mateusz Starzyk
4228f895c0 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dpeendency change.
2021-05-19 11:37:49 +02:00
Gilles Peskine
b7bb0687f7 Rework and reword the guarantees on output_size
To simplify the documentation, and because there are only two realistic
behaviors in practice, only allow two behaviors for multipart output:
immediate output, or buffering of the last partial block.

State some simple rules that applications can follow if they don't care about
the details.

Explicitly state how much output is needed for finish(). Only require the
buffer size to be the size of the actual output, not the size of the potential
output in the worst case. Rename the parameter from output_len to output_size
since it's a buffer size and not necessarily the length of the data.

No longer guarantee that the built-in implementation produces immediate
output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 23:15:40 +02:00
Dave Rodgman
c1ae30a05e Fix docs for mbedtls_padlock_has_support
Fix a slight inaccuracy in the docs for the return value of
mbedtls_padlock_has_support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-05-18 19:01:42 +01:00
Gilles Peskine
9c58274484 Remove automatically generated source files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:48:08 +02:00
Gilles Peskine
687d1ab714 Makefile targets for automatically generated files
Run `make generated_files` to generate the automatically generated
C source files and build scripts.

Run `make neat` to remove all automatically generated files, even C
source files and build scripts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:47:02 +02:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
2021-05-17 16:36:04 +02:00
Gilles Peskine
864b425156
Merge pull request #4488 from tom-daubney-arm/remove_rsa_mode_params
Remove rsa mode params part 1
2021-05-17 13:49:19 +02:00
Manuel Pégourié-Gonnard
9370f01391
Merge pull request #3927 from hanno-arm/ciphersuite_helper_macros
Unify naming scheme for macros indicating presence of classes of ciphersuites
2021-05-17 11:18:58 +02:00
Manuel Pégourié-Gonnard
5605911fd3
Merge pull request #4447 from hanno-arm/ssl_config_cleanup
Avoid and remove some SSL error codes for Mbed TLS 3.0
2021-05-17 10:55:17 +02:00
Hanno Becker
8cce50d726 Remove reference to SSLv3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:15:52 +01:00
Hanno Becker
d086bf0c62 Fix typo
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
31351cef6f Add missing escape character in multi-line preprocessor directive
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
0cc4661365 Introduce helper macro for presence of stream ciphersuites
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
fd86ca8626 Rename SOME_MODES_USE_MAC -> SOME_SUITES_USE_MAC
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:07:48 +01:00
Hanno Becker
541af8575e Use -1 instead of 1 as failure return value in internal SSL function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 16:49:01 +01:00
Hanno Becker
fc1f4135c3 Use memset( x, 0, sizeof( x ) ) to clear local structure
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:57:54 +01:00
Hanno Becker
78196e366f Fix search for outdated entries in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:55:15 +01:00
Hanno Becker
c3f4a97b8f Don't infer last element of SSL session cache twice
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:24 +01:00
Hanno Becker
466ed6fd08 Improve local variable naming in SSL session cache implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:00 +01:00
Hanno Becker
5cf6f7eafe Fix swapping of first and last entry in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:45:04 +01:00
Hanno Becker
006f2cce2e Fix compile-time guard in session cache implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:44 +01:00
Hanno Becker
b94fdae3c3 Improve code structure for session cache query
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:40 +01:00
gabor-mezei-arm
d5218df572
Enable fallback to software implementation in psa_sign/verify_message driver
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
f048618b43
Unify variable type and rename to be unambiguous
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
2b8373f856
Update documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
256443e64e
Change the driver calling logic for psa_sign/verify_messsage
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
474a35f635
Return error if algorithm is not hash-then-sign for psa_sign_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
8b3e88614c
Use bool variable instead of enum values
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
12b4f34fff
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00