Commit graph

10413 commits

Author SHA1 Message Date
Xiaokang Qian
df6f52e2b2 Generate early key and switch outbound key to it after write client hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
d05ac5dfce Add extern apis mbedtls_ticket_get_psk.
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
32af4fbbdb Set ciphersuite info and kex mode in set_session in re-connection
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
34aab55aa7 Add prepare function to switch transform to early keys
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Xiaokang Qian
125afcb060 Add end-of-early-data write
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Nick Child
3dafc6c3b3 pkcs7: Drop support for signature in contentInfo of signed data
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.

Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
 - Demi Marie Obenour <demiobenour@gmail.com>
 - Dave Rodgman <dave.rodgman@arm.com>

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-07 20:04:52 +00:00
Valerio Setti
5b16e9eabc pk_wrap: keep ECDSA_C for ECP_RESTARTABLE contexts
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 16:21:36 +01:00
Hanno Becker
dae916b05f X.509: Add length consistency checks to x509_get_other_name()
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:32 -05:00
Hanno Becker
2a15a0c868 X.509: Remove red'n bounds checks and zeroiz'n in OtherName parsing
- ASN.1 parsing functions check that length don't exceed buffer bounds,
  so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
  which is automatically caught by the next ASN.1 parsing call.

Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.

Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:15:27 -05:00
Hanno Becker
ae8f8c435c Fix X.509 SAN parsing
Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:27 -05:00
Valerio Setti
1cdddacc62 pk_wrap: use proper macros for sign and verify
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
5c593af271 pk_wrap: fix comment on closing #endif
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
24138d9f83 pk_wrap: re-use identical functions for eckey and ecdsa when possible
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
7ca1318256 pk: add new symbol for generic ECDSA capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
9e30dd882d removing a leftover printf from debug
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
ab363d9fe1 pk/pk_wrap: replace ECDSA_C with generic ECDSA capabilities' defines
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Gabor Mezei
63aae68b8f
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-06 16:24:08 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static
TLS 1.3: Key Generation: change some key generation functions to static
2023-02-03 11:56:35 +01:00
Yanray Wang
f206c1493b Remove duplicate mbedtls_platform_zeroize for tls13_early_secrets
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 13:55:47 +08:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Nick Child
282d50493a pkcs7: Remove duplicate oid condition
MBEDTLS_OID_PKCS7_ENCRYPTED_DATA was listed twice in
the oid conditional. Remove one of them.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-01 18:32:55 +00:00
Gilles Peskine
24c6f49530
Merge pull request #7005 from tom-cosgrove-arm/fix-doxygen-typos-in-new-bignum
Fix typos in doxygen commands in new bignum modules
2023-02-01 19:05:04 +01:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
2023-02-01 11:36:25 +01:00
Tom Cosgrove
8a1f784ece Fix typos in doxygen commands in new bignum modules
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-01 08:43:54 +00:00
Yanray Wang
a12cecbe47 Modify some comments in ssl_tls13_keys.c
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-01 14:29:51 +08:00
Nick Child
3bd17f2f58 pkcs7: Use end_issuer_and_sn where appropriate
There were some areas where `end_signer` were being
used when it makes more sense to use `end_issuer_and_sn`,
as pointed out by demiobenour@gmail.com.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-31 20:42:26 +00:00
Gabor Mezei
2038ce976e
Rename function to follow naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
9b290b33e4
Add documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
deece2bb65
Change the ecp_mod_p192_raw to be testable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
b5bba497fe
Extract Secp192r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gilles Peskine
f6b9823422
Merge pull request #6979 from daverodgman/const-time-asm-vol
Inhibit compiler from optimising out const-time asm
2023-01-31 11:28:45 +01:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function
Add function to fix quasi-reduction
2023-01-31 11:25:25 +01:00
Nick Child
ec81709516 pkcs7: Ensure all data in asn1 structure is accounted for
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:44:58 +00:00
Gabor Mezei
db1607fa69
Remove unneeded include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-30 16:27:48 +01:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Dave Rodgman
4610d4b7a6 Inhibit compiler from optimising out const-time asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-30 09:26:48 +00:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Przemek Stekiel
36ad5e7ab5 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-26 22:30:45 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Janos Follath
803638c023
Merge pull request #6939 from minosgalanakis/bignum/6027_hardcode_montgomery_moduli
Bignum: hardcode montgomery moduli
2023-01-25 16:51:11 +00:00
Przemek Stekiel
32e20919ac Remove redundant check and add comment to inform about processing of empty extensions
Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.

A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 16:20:25 +01:00
Gabor Mezei
9a66ab180c
Fix missing declarration
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-25 13:23:38 +01:00
Przemek Stekiel
94e21e153f Skip unsupported extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 11:08:32 +01:00
Gilles Peskine
8296eabed6
Merge pull request #6957 from tom-cosgrove-arm/fix-spelling-of-doxygen-return
Fix doxygen return parameter spelling
2023-01-24 21:56:45 +01:00
Gilles Peskine
3b8623fe2c
Merge pull request #6903 from Mihir-Raj-Singh/Bignum_rename_mtoN
Rename modulus input argument from m to N
2023-01-24 21:48:54 +01:00
Gabor Mezei
627e5b1f91
Only enable fix_quasi_reduction when testing
Avoid compiler error due to the fix_quasi_reduction function
is static and has not been used.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-24 18:13:24 +01:00
Przemek Stekiel
a468768000 Dealocate memory for subject alt names
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 15:19:47 +01:00
Przemek Stekiel
86d1946164 Fix error codes returned on failures
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 11:20:10 +01:00
Przemek Stekiel
cf6ff0fb43 Move common functions for crt/csr parsing to x509.c
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
db128f518c Allow empty ns_cert_type, key_usage while parsing certificates
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
21c37288e5 Adapt function names
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
cbaf3167dd mbedtls_x509_csr_info: Add parsing code for v3 csr extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:56:55 +01:00
Gabor Mezei
a24fd06451
Update documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:10:26 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:55:57 +01:00
Tom Cosgrove
37dabd540b Fix doxygen return parameter spelling
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-23 16:57:26 +00:00
Minos Galanakis
8692ec8bc0 pkarse: Added pk_group_id_from_specified() documentation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-23 10:33:06 +00:00
Dave Rodgman
7658b63390 Remove volatile from diff; add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
fa96026a0e Move definition of asm out of public header
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
7f376fa6fc Improve documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
b9cd19bc8c Prevent perf regressions in mbedtls_xor
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
051225d07a Address potential perf regression
Ensure platforms that don't have an assembly implementation for
mbedtls_get_unaligned_volatile_uint32() don't experience a performance
regression.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
36dfc5a237 Improve efficiency of some constant time functions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491 Tidy-up - move asm #define into build_info.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Minos Galanakis
c8e381ab1c pkarse: Update pk_group_id_from_specified() clean-up.
This path updates the clean-up logic of to individually
free each of the the group's structure members
rather than invoke `mbedtls_ecp_group_free()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:15:11 +00:00
Minos Galanakis
e9fa7a74cd ecp_curves: Update pre-processor define guards for ecp_mpi_load().
This patch adjusts the logic, so that the method is included,
when the following components are enabled:

* MBEDTLS_ECP_DP_CURVE448_ENABLED
* MBEDTLS_ECP_DP_CURVE25519_ENABLED
* ECP_LOAD_GROUP

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:12:07 +00:00
Minos Galanakis
d61dbd4df7 ecp_curves: Update mbedtls_ecp_group_free().
This patch updates the method to not free the `grp->P`
and `grp->N` structure members.

The contents of `P` and `N` are stored in static memory at
`curve448_p/n` and `curve25519p/n` and no longer dynamically
allocated.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:55 +00:00
Minos Galanakis
146fed9849 ecp_curves: Hardcode Montgomery const for curve448.
This patch adds two embedded constants used by `ecp_use_curve448()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:50 +00:00
Minos Galanakis
bececeb0b9 ecp_curves: Hardcod Montgomery const for curve25519
This patch adds two embedded constants used by `ecp_use_curve25519()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 11:38:19 +00:00
Gilles Peskine
bb3814c7a8 Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.

This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:23 +01:00
Aaron M. Ucko
af67d2c1cf mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
In some contexts, the output pointer may equal the first input
pointer, in which case copying is not only superfluous but results in
"Source and destination overlap in memcpy" errors from Valgrind (as I
observed in the context of ecp_double_jac) and a diagnostic message
from TrustInSoft Analyzer (as Pascal Cuoq reported in the context of
other ECP functions called by cert-app with a suitable certificate).

Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-01-17 11:52:22 -05:00
Gabor Mezei
c83f792c18
Add documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:28:06 +01:00
Gabor Mezei
9684d4dc58
Add quasi-reduction function for ecp
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:16:46 +01:00
Mihir Raj Singh
432cacf5c2 bignum_mod_raw: Renamed m -> N in mbedtls_mpi_mod_raw_neg()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-17 11:25:26 +05:30
Mihir Raj Singh
b0354c5b71 bignum_mod_raw: Renamed m -> N in mbedtls_mpi_mod_raw_from_mont_rep()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:11:18 +05:30
Mihir Raj Singh
37ece7292a bignum_mod_raw: Renamed m -> N in mbedtls_mpi_mod_raw_to_mont_rep()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:10:40 +05:30
Mihir Raj Singh
01e861ff9e bignum_mod_raw: Renamed m -> N in mbedtls_mpi_mod_raw_write()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:10:00 +05:30
Mihir Raj Singh
cd17ff0354 bignum_mod_raw: Renamed m -> N in mbedtls_mpi_mod_raw_read()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:09:12 +05:30
Mihir Raj Singh
a43290d556 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_write()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:08:17 +05:30
Mihir Raj Singh
fdc314b6fe bignum_mod: Renamed m -> N in mbedtls_mpi_mod_read()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:06:16 +05:30
Mihir Raj Singh
928a07ba49 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_modulus_free
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:04:37 +05:30
Mihir Raj Singh
f438ad1ab9 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_modulus_setup()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:03:06 +05:30
Mihir Raj Singh
b6fa940fc4 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_modulus_init()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:02:04 +05:30
Mihir Raj Singh
b13a58938a bignum_mod: Renamed m -> N in mbedtls_mpi_mod_residue_setup()
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
2023-01-16 23:01:25 +05:30
Pengyu Lv
9b84ea75de remove ssl_tls13_has_compat_ticket_flags
This content of the function is moved to
ssl_tls13_has_configured_ticket.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 14:08:23 +08:00
Pengyu Lv
e2f1dbf5ae update docs of ssl_client2 and improve code format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 12:38:12 +08:00
Pengyu Lv
4938a566bf refine ticket_flags printing helper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:28:49 +08:00
Pengyu Lv
acecf9c95b make ticket_flags param types consistent
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:23:24 +08:00
Pengyu Lv
3643fdbab9 refine the state setting in tls13_handshake_wrapup
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:02 +08:00
Pengyu Lv
ee455c01ce move ticket_flags debug helpers
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
Pengyu Lv
189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:00 +08:00
Pengyu Lv
80270b2151 rename ticket_flags helper functions to generic ones
Ticket flags is quite generic and may make sense in the
future versions of TLS or even in TLS 1.2 with new
extensions. This change remane the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:59 +08:00
Pengyu Lv
a1aa31b8b1 fix review comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
1735ba30ea fix review comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:57 +08:00
Pengyu Lv
9eacb44a5e improve code format and readability
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:57 +08:00
Pengyu Lv
9356678047 filter the tickets with tls13_kex_mode on client side.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Pengyu Lv
e6487fe3c2 guard tls13_kex_modes related function calls with macro
Handshake parameter field, tls13_kex_mode is only valid when
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set.
So, any functions / calls should be guarded by this macros.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
c7af2c4f8c tls13: send new session ticket only when client supports psk
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:54 +08:00
Pengyu Lv
c55eeb682d tls13: check if the session ticket is compatible with key exchange modes
The server check if the ticket_flags is compatible with the advertised
key exchange modes in Pre-Shared Key Exchange Modes extension. The
incompatible ticket should be mark as not matched.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
9f92695c8d tls13: set key exchange mode in ticket_flags on client/server
Set the ticket_flags when:
  - server: preparing NST (new session ticket) message
  - client: postprocessing NST message

Clear the ticket_flags when:
  - server: preparing NST message
  - client: parsing NST message

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
b7d50acb37 tls13: add helpers to manipulate ticket_flags
Add helper functions to get/set/clear ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Pengyu Lv
5b8dcd2097 Add debug helper to print ticket_flags status
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Valerio Setti
856cec45eb test: x509: add more tests for checking certificate serial
- added 2 new certificates: 1 for testing a serial which is full lenght
  and another one for a serial which starts with 0x80

- added also proper Makefile and openssl configuration file to generate
  these 2 new certificates

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
4752aac11d x509: enhancement and fixes
- enhance mbedtls_x509write_crt_set_serial(): avoid use of useless
  temporary buffer

- fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the
  beginning of serial if the MSb of serial is 1, as required from
  ASN.1

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
746def5ade x509: renaming of buffer variables in new serial setting function
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb x509: remove direct dependency from BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Yanray Wang
ef5ec8f5ba Rename static functions in ssl_tls13_keys.c
As some static functions are only used inside ssl_tls13_keys.c,
the prefix mbedtls_ should be removed. Furthermore, code format is
also maintained to fix code style.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 15:11:03 +08:00
Yanray Wang
0540211078 Enhancement: change some functions to static in ssl_tls13_keys.c
Since some functions are only used in ssl_tls13_keys.c not by any
other modules, those functions are changed to static.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:54:26 +08:00
Yanray Wang
16c895dff3 TLS1.3: zeroize tls13_early_secrets after its lifetime
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
Yanray Wang
bae9e74d39 Enhancement: change tls13_early_secrets to local variable
Since tls13_early_secrets is only temperately used in the function,
there is no need to keep it in the handshake context.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
03e99cf14d Remove redundant error code definitions
We're including psa/crypto_values.h, which defines the necessary error
codes. Remove redundant definitions, which hurt because they need to be
styled in exactly the same way (same presence/absence of spaces between
tokens).

This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 11:15:18 +01:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
0770efe4e1
Merge pull request #6888 from daverodgman/iar-bignum-warning
Fix IAR warning
2023-01-10 22:08:37 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Jerry Yu
3e60cada5d Improve comment and changlog
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-10 14:58:08 +08:00
Valerio Setti
a0b97bc803 fix wrong type in debug message
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 19:10:32 +01:00
Valerio Setti
1e868ccbac fix several typos and extra blank spaces
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 17:59:46 +01:00
Valerio Setti
2b5d3ded1f remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 11:04:52 +01:00
Jerry Yu
bdb936b7a5 Workaround anti replay fail of GnuTLS
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 20:19:55 +08:00
Glenn Strauss
14db51224e Fix IAR warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-06 14:20:14 +00:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
David Horstmann
bec95320ba Don't restyle end of file
Move the *INDENT-ON* annotation to the end of the file so that
uncrustify does not restyle the later sections (since it introduces a
risk of future problems).

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-05 09:50:47 +00:00
David Horstmann
cb3b6ae580 Disable code style correction for bignum assembly
The inline assembly defined in bn_mul.h confuses code style parsing,
causing code style correction to fail. Disable code style correction for
the whole section gated by "#if defined(MBEDTLS_HAVE_ASM)" to prevent
this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-04 17:50:08 +00:00
Valerio Setti
67419f0e11 tls: fix + save code size when DEBUG_C is not enabled
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
Valerio Setti
40d9ca907b tls: remove useless legacy function
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 16:08:04 +01:00
Valerio Setti
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
David Horstmann
e3d8f31ba1 Workaround Uncrustify parsing of "asm"
The following code:

 #ifndef asm
 #define asm __asm
 #endif

causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.

Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Janos Follath
b4b0bb737d
Merge pull request #5907 from mpg/use-psa-rsa-pss
Use PSA more often in `pk_verify_ext()`
2022-12-30 12:33:50 +00:00
Gilles Peskine
b402e4bde1
Merge pull request #6595 from mfischer/lms_heap
lms: Move merkle tree generation to heap allocation
2022-12-23 18:29:04 +01:00
Valerio Setti
326cf46764 test: improved readability in sha self tests
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-23 14:57:18 +01:00
Manuel Pégourié-Gonnard
676766ff77
Merge pull request #6776 from gabor-mezei-arm/6222_bignum_mod_mul
Bignum: Implement fixed width modular multiplication
2022-12-23 10:39:30 +01:00
Manuel Pégourié-Gonnard
2fcb4c1d06
Merge pull request #6747 from gilles-peskine-arm/bignum-mod-random
Bignum mod random
2022-12-23 10:36:22 +01:00
Valerio Setti
543d00ef6f sha: remove SHA1 from ssl_cookie
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:27:34 +01:00
Manuel Pégourié-Gonnard
2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y
mbedtls_ecp_point_read_binary from compressed fmt
2022-12-22 10:20:31 +01:00
Manuel Pégourié-Gonnard
4dacf58d6d Take advantage of now-public macro in pk.c
Used to be private, hence the duplication, but that's been fixed in the
meantime, I guess we just missed this occurrence.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:50:17 +01:00
Manuel Pégourié-Gonnard
6958355a51 Use PSA Crypto more often in pk_verify_ext()
See https://github.com/Mbed-TLS/mbedtls/issues/5277 - strategy 1.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:49:57 +01:00
Gilles Peskine
e1d8326e90 Fix representation of mod-random output
mbedtls_mpi_mod_raw_random() and mbedtls_mpi_mod_random() were producing
output in the Montgomery representation, instead of obeying the
representation chosen in the modulus structure. Fix this.

Duplicate the test cases for mod-random output to have separate test cases
for each representation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 20:28:02 +01:00
Gilles Peskine
e655479528 Generalize representation handling in mbedtls_mpi_mod_read
Call mbedtls_mpi_mod_raw_canonical_to_modulus_rep instead of assuming that
anything that isn't MBEDTLS_MPI_MOD_REP_MONTGOMERY is canonical.

mbedtls_mpi_mod_write should get the same treatment, but I'm holding off
until https://github.com/Mbed-TLS/mbedtls/issues/6679 is done.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:55:51 +01:00
Gilles Peskine
eb2e77f617 Document modulus representation selectors
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:55:51 +01:00
Gilles Peskine
1e2a4d4089 Functions to convert raw residues to/from the modulus representation
Test cases will be generated automatically by a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:55:51 +01:00
Gabor Mezei
496cd37bac
Use equality checking for NULL value
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:20 +01:00
Gabor Mezei
2840884c35
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:19 +01:00
Gabor Mezei
6a31b7252d
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:19 +01:00
Gabor Mezei
9db81e9cca
Add mod_mul function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-20 17:30:13 +01:00
Glenn Strauss
efde9d58de remove duplicated consecutive preproc directives
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-20 04:20:12 -05:00
Manuel Pégourié-Gonnard
8b6d14be8b Extract common code for computing X^3 + AX + B
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-20 04:17:03 -05:00
Glenn Strauss
452416121d move mbedtls_ecp_sw_derive_y after MPI_ECP_ macros
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-19 21:25:27 -05:00
Glenn Strauss
fcabc28cfc use MPI_ECP_* macros in mbedtls_ecp_sw_derive_y()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-19 21:24:50 -05:00
Gilles Peskine
e162b4725c
Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv
Bignum: Implement high level fixed width modular inversion
2022-12-17 13:26:02 +01:00
Gilles Peskine
cf86d70162
Merge pull request #6742 from gabor-mezei-arm/6022_bignum_mod_raw_mul
Bignum: Implement fixed width raw modular multiplication
2022-12-17 13:25:43 +01:00
Tom Cosgrove
f723754f6d Fix typos
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-16 16:10:36 +00:00
Glenn Strauss
cbfd5e9db7 comment
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-16 11:03:41 -05:00
Glenn Strauss
369bfb94c5 comments and whitespace
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-16 10:49:04 -05:00
Gabor Mezei
210ea63d8b
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-16 16:35:24 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Tom Cosgrove
342d00bc22 Oops, use mbedtls_free() not plain free()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-16 11:02:06 +00:00
Gilles Peskine
b1eea02f74 Implement and test mbedtls_mpi_mod_random
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
a57cf9813a Implement and test mbedtls_mpi_mod_raw_random
In the basic/XXX=core test cases, use odd upper bounds, because the mod
version of random() only supports odd upper bounds (the upper bound is a
modulus and the mod modules only support odd moduli).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Manuel Pégourié-Gonnard
057b458583
Merge pull request #6766 from wernerlewis/bignum_mod_docs
Bignum: document conventions for bignum mod and mod_raw
2022-12-16 09:58:36 +01:00
Manuel Pégourié-Gonnard
5bf8629b2c
Merge pull request #6303 from gilles-peskine-arm/bignum-core-random
Bignum: Implement mbedtls_mpi_core_random
2022-12-16 09:58:07 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Werner Lewis
6bb49ba121 Document const parameter conventions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 17:04:43 +00:00
Tom Cosgrove
b38c2ed3d9 Fix double space between words
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
d692ba4248 Note that (as usual) for mbedtls_mpi_mod_inv() residues must be associated with the modulus
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
a9e0f95903 Split mbedtls_mpi_mod_inv() into separate functions for mont/non-mont form
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
4302d02fa8 Add mbedtls_mpi_mod_inv()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
786848b5c5 Add low-level Montgomery conversion functions to bignum_core
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
28ff92cc3a Add an explicit mbedtls_mpi_core_montmul_working_limbs() function
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
30f3b4d601 Add mbedtls_mpi_core_check_zero_ct() and tests
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
e9ffb6c8e9 Fix mbedtls_platform_zeroize() call in mbedtls_mpi_mod_modulus_free()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Werner Lewis
756a34aadc Use lower case for p and r
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 14:53:43 +00:00
Werner Lewis
0f644f48e9 Add output initialization requirement
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 14:13:32 +00:00
Gilles Peskine
6b7ce968d2 Clarify some comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 15:04:33 +01:00
Gabor Mezei
95b754dfac
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-15 15:04:20 +01:00
Gabor Mezei
979d34ca7d
Add mod_raw_mul function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-15 15:04:20 +01:00
Werner Lewis
214ae64349 Replace \p with \c for non-parameter code typeset
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:36:07 +00:00
Werner Lewis
1d89ebf548 Clarify all functions operate modulo N
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:41 +00:00
Werner Lewis
a306886b3a Add modulus to parameter ordering
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:41 +00:00
Werner Lewis
2e70b9afef Reword bignum sizes section
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:41 +00:00
Werner Lewis
2bd263da1e Fix grammar and spelling
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:35:40 +00:00
Werner Lewis
945a165a3c Clarify output requirements
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:22:27 +00:00
Werner Lewis
eac8be76d6 Remove unnecessary type comment
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 13:22:17 +00:00
Werner Lewis
e1eb75dc99 Specify modulus constraints
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-15 12:27:56 +00:00
Manuel Pégourié-Gonnard
50faa55e4d
Merge pull request #6732 from wernerlewis/bignum_6019_mod_add
Bignum: Implement mbedtls_mpi_mod_add()
2022-12-15 11:39:24 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
Dave Rodgman
ebef3562c3 Revert "Add generated files"
This reverts commit c18d932705.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-14 19:14:00 +00:00
Dave Rodgman
e90ed7d249 Bump versions for libmbedcrypto and libmbedtls
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-14 17:04:00 +00:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
a3f99591f6 sha: make SHA-224 independent from SHA-256
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:56:54 +01:00
Manuel Pégourié-Gonnard
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
Valerio Setti
898e7a3afe test: sha: test SHA384 and SHA512 separately
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:50:54 +01:00
Werner Lewis
eed01aabd3 Clarify wording in documentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-14 09:44:00 +00:00