Sometime user may forget to call mbedtls_aes_setkey_enc or
mbedtls_aes_setkey_dec before mbedtls_aes_crypt_ecb and then
the code normally crash inside the assembly code. With this
patch, the code will stop inside the C source code which is
more convenient to locate the problem.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I0e1d6b219f8709f8acaee5f345344335fc82fed3
For now the entries are in no particular order. Before the release we
should have a final pass over this document and order them from most
impactful to least impactful. We might even create sections, a table of
contents, etc.
In the meantime, each PR should add an entry about it changes.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Move the key buffer size calculation code under
tests to avoid check-names.sh to complain about
"likely macros with typos".
This removes the calculation of key buffer
sizes for the test driver from the wrapper based on
static size data. But the code is still there in test
code to be used when we go back to work on the
generation of the driver wrapper.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Handling the receipt of a handshake record after the initial handshake
requires non-trivial logic depending on the protocol version and the
endpoint. This logic is currently embedded in mbedtls_ssl_read().
With the introduction of support for [D]TLS 1.3, the logic will become
even more complex, since [D]TLS 1.3 drops support for renegotiation --
which in [D]TLS 1.2 is the main purpose of post-handshake handshake
messages -- but instead introduces numerous other post-handshake
handshake messages.
In order to pave the way for those changes, this commit improves
readability and maintainability of mbedtls_ssl_read() by moving
the TLS <=1.2 logic for handling post-handshake handshake messages
into a separate helper function ssl_handle_hs_message_post_handshake().
The logic of the code is entirely unchanged.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.
Fix#1906
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
pk_get_pk_alg will either return 0 or a pk error code. This means that
the error code will always be a high level module ID and so we just
return ret.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Made a mistake when copy-pasting and put the guard in the wrong place.
Fix that by moving the compile time guard.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
This function was introduced before ssl_test_common_source.c and so the
function is replicated in both ssl_client2.c and ssl_server2.c. Move
the function to ssl_test_common_source.c to avoid duplication.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Remove some accidental newlines that were added previously.
Update some definition guards to make it clearer that
`MBEDTLS_X509_REMOVE_INFO` is defined and not undefined.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Fix an issue where `MBEDTLS_X509_REMOVE_INFO` was defined/enabled by default
in `include/mbedtls/config.h`. This should also fix the `context-info.sh` test
where it ran the default config and expected to see some output from the x509
info functions that were removed.
Also updated relevant comments to more accurately explain how the
configuration option works.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
