Commit graph

12310 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
842ffc5085 Make code more robust
Using return here is only correct if we know that group_load() is atomic
(either succeeds, or allocates no ressources). I'm not sure it is, and
even if it were, goto exit is more obviously correct, so let's use that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
94cf1f82ad Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
564bc1bb96 Fix limitation in checking supported alg in pk_sign
The recent changes in pkparse made it so ECDSA (deterministic or not) is
set as the secondary alg and ECDH the first one. This broke the wrapper
in pk_wrap as it was only checking the first alg when deciding whether
to use deterministic or not. The wrapper should not have unnecessary
requirements on how algs are set up, so make the check more flexible.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
53d3e40a21 Fix unused warnings in dummy definition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
12ea63a5f7 Abstract away MBEDTLS_PK_PARSE_EC_EXTENDED
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
fac9819edc Fix and document return of pk_ecc_set_pubkey()
One of the calling site needs to distinguish between "the format is
potentially valid but not supported" vs "other errors", and it uses
MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
ff72ea9d51 Rework pk_ecc_set_pubkey()
- Fix the logic around format: we were just assuming that if the format
was not compressed, it was uncompressed, but it could also have been
just invalid.
- Remove redundant length check: the fallback does its own checks.
- Remove set_algorithm() that's not needed and introduced a depencency
on ECDSA.
- Some style / naming / scope reduction.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
e4c883bc8c New signature for pk_ecc_set_pubkey()
Also new name, for consistency, and documentation.

The signature **p, *end is mostly for parsing functions that may not
consume everything, and need to update the "current" pointer to reflect
what has been consumed. This is not the case here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
681e30b727 Rework pk_ecc_set_pubkey_psa_ecp_fallback()
- new semantic: sets the pubkey directly in the PK context
- new name to reflect that semantic and obey the naming scheme
- trivial case first
- documentation and better parameter names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
0b8e45650f Tune body of pk_ecc_set_pubkey_from_prv()
- avoid useless use of ret in PSA code, keep only status
- improve variable names
- keep declarations closer to use
- a few internal comments

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
de25194a20 Rename and document pk_ecc_set_pubkey_from_prv()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
d1aa642394 Document pk_ecc_set_group() and pk_ecc_set_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
5470898e37 Move code around again
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
997a95e592 Merge two consecutive #ifs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
212517b87d Start re-ordering functions in pkparse
The general order is low-level first, top-level last, for the sake of
static function and avoiding forward declarations.

The obvious exception was functions that parse files that were at the
beginning; move them to the end.

Also start defining sections in the file; this is incomplete as I don't
have a clear view of the beginning of the file yet. Will continue in
further commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
df151bbc37 Minor improvements to pk_ecc_read_compressed()
- new name starting with pk_ecc for consistency
- re-order params to match the PSA convention: buf, len, &size
- add comment about input consumption

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
e82fcd9c9e Avoid nested #ifs in body of pk_get_ecpubkey()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
116175c5d7 Use helper macro for (deterministic) ECDSA
- centralizes decision making about which version to use when
- avoids nested #ifs in pk_ecc_set_key()

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
dcd98fffab Factor similar code into pk_ecc_set_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
6db11d5068 Group two versions of the same code
Just moving code around. The two blocks do morally the same thing: load
the key, and grouping them makes the #if #else structure clearer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
d5b4372012 Slightly simplify pk_derive_public_key()
- add a comment explain potentially surprising parameters
- avoid nesting #if guards: I find the linear structure #if #elif #else
makes the three cases clearer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
2585852231 Factor common code into a function
There were two places that were calling either pk_update_ecparams() or
mbedtls_ecp_group_load() depending on the same guard. Factor this into a
single function, that works in both configs, so that callers don't have
to worry about guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
5fcbe4c1f8 Further rationalize includes
- only include psa_util when we use PSA Crypto
- re-order includes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
da88c380bd Minimize key-type-related includes
- we don't use any ECDSA function here
- we only need to include ecp.h when supporting ECC keys

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
4b0e8f0e2c Remove redundant include
It's also included later, guarded by support for ECC keys, and actually
that's the only case where we need it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:25:44 +02:00
Valerio Setti
5f5573fa90 cipher: reintroduce symbol for legacy AEAD support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-13 17:29:27 +02:00
Dave Rodgman
515af1d80d Stop IAR warning about goto skipping variable definition
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-13 16:03:25 +01:00
Bence Szépkúti
195411bb17
Merge pull request #8062 from yanrayw/save_stack_usage_pkwrite
pkwrite: use heap to save stack usage for writing keys in PEM string
2023-10-13 14:27:13 +00:00
Dave Rodgman
2457bcd26c Tidy up logic for MBEDTLS_MAYBE_UNUSED
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-13 12:31:45 +01:00
Gilles Peskine
97a6231b5c
Revert "Fix a few IAR warnings" 2023-10-13 11:39:53 +02:00
Dave Rodgman
2d67e3a07b
Merge pull request #8352 from daverodgman/iar-fixes
Fix a few IAR warnings
2023-10-13 09:20:28 +01:00
Tom Cosgrove
71f2e398bd
Merge pull request #8345 from mcagriaksoy/branch_issue_8344
Add missing casting size_t to int on ssl_tls13_keys.c
2023-10-12 18:39:33 +00:00
Dave Rodgman
584c8108b3 Use a block to save 12b
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:55:23 +01:00
Dave Rodgman
351a81c65d Keep initialisation of p in its original location
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:36:05 +01:00
Dave Rodgman
bcb1818e19 Fix IAR 'transfer of control bypasses initialization' warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:23:11 +01:00
Dave Rodgman
4b779bef9e
Merge branch 'development' into more-aes-checks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:17:10 +01:00
Dave Rodgman
54bb76e106
Merge pull request #8348 from kasjer/kasjer/aes-rcon-rename
Rename local variable in aes.c
2023-10-12 12:30:35 +00:00
Valerio Setti
db1ca8fc33 cipher: keep MBEDTLS_CIPHER_HAVE symbols private
This commit also improve the usage of these new symbols in
cipher_wrap code

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:54 +02:00
Valerio Setti
e570704f1f ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:37 +02:00
Dave Rodgman
4fd868e4b1
Refer to Armv8-A (not Armv8) in comments
Co-authored-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 09:09:42 +01:00
Jerry Yu
ab0da370a4 Add early data status update
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Jerry Yu
1eb0bd557d Add not-received status
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Jerzy Kasenberg
ee62fceade Rename local variable in aes.c
This changes local variable name RCON to round_constants.

RCON being definition in xc32 compiler headers for some PIC32 register.
Without this change, mynewt project for PIC32 platform fails to build due to
macro redefinition.

This does not changes behavior of library in any way.

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2023-10-11 16:36:24 +02:00
Mehmet Cagri Aksoy
56e9011bde Add casting size_t to int
Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>
2023-10-11 15:28:06 +02:00
Mehmet Cagri Aksoy
66f9b3f810 Add casting size_t to int
Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>
2023-10-11 15:26:23 +02:00
Dave Rodgman
b0d9830373
Merge branch 'development' into sha-armce-thumb2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-11 13:53:41 +01:00
Valerio Setti
02a634decd md: remove unnecessary inclusions of mbedtls/md.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:15:58 +02:00
Valerio Setti
4d0e84628c ssl: reorganize guards surrounding ssl_get_ecdh_params_from_cert()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:15:29 +02:00
Valerio Setti
d4a10cebe4 cipher/tls: use new symbols for guarding AEAD code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Dave Rodgman
be7915aa6c Revert renaming of SHA512 options
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-11 10:59:05 +01:00
Ronald Cron
a89d2ba132
Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name
Adapt to new PSA Crypto repo name
2023-10-11 06:45:30 +00:00
Pengyu Lv
0ecb635ca5 aesni: select __cpuid impl based on compiler type
MinGW provides both kinds of implementations of `__cpuid`,
but since `cpuid.h` is provided by GNUC, so we should choose
the implementation by the compiler type instead of OS type.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-11 11:09:58 +08:00
Dave Rodgman
5b89c55bb8 Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:57 +01:00
Dave Rodgman
fe9fda81aa Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 15:14:56 +01:00
Dave Rodgman
5d4ef83e01 Fix hwcap detection on 32-bit Arm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 13:04:07 +01:00
Dave Rodgman
94a634db96 Rename A64 config options
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 12:59:29 +01:00
Pengyu Lv
e8c4bf180b aesni: declare cpuinfo as int
Change the type of array that stores the cpuinfo
data to int[4] to match the signature of `__cpuinfo`
in `intrin.h` header file.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-10 18:12:43 +08:00
Pengyu Lv
308cb232bf aesni: support cpuid on WIN32
`__cpuid` has two kinds of signatures in different
headers depending on the target OS. We make it
consistent between the usages ang the included header.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-10 17:56:12 +08:00
Dave Rodgman
78d78462ac Make asm without side-effects not optimisable-out
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-10 09:53:44 +01:00
Ronald Cron
7871cb14a7 Include psa/build_info.h instead of mbedtls/build_info.h
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-10-10 09:35:22 +02:00
Dave Rodgman
e7ebec6723
Merge pull request #8281 from daverodgman/fix-hwonly-warnings
Improve AES hardware-only check
2023-10-09 11:25:50 +00:00
Dave Rodgman
8ba9f42acd Fix arch detection for auto setting of clang flags
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-08 10:46:25 +01:00
Dave Rodgman
866b3a1886
Merge pull request #8323 from tom-daubney-arm/fix_mbedtls_styling_docs
Correct styling of Mbed TLS in documentation
2023-10-06 19:10:10 +00:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-10-06 17:07:24 +01:00
Paul Elliott
3677352631
Merge pull request #8308 from valeriosetti/issue8052
PKCS12: use one-shot API
2023-10-06 15:39:31 +00:00
Dave Rodgman
8e00fe0cd8
Merge pull request #8309 from daverodgman/iar-warnings2
Fix IAR warnings
2023-10-06 13:24:12 +00:00
Valerio Setti
e7cefae5f4 ssl: fix getting group id in ssl_check_key_curve()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-06 13:19:48 +02:00
Valerio Setti
d3925d25ec pk_internal: change guards for mbedtls_pk_ec_[ro/rw]
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-06 13:13:19 +02:00
Valerio Setti
f484884fba pkcs12: use mbedtls_cipher_crypt() instead of explicitly defining all steps
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-06 11:25:08 +02:00
Dave Rodgman
2eab462a8c Fix IAR warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Dave Rodgman
9a36f4cb97 Fix cast errors on IAR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 11:25:52 +01:00
Dave Rodgman
790370b392 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 11:02:23 +01:00
Dave Rodgman
3ba9ce3c1d Warn if using runtime detection and no Neon
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 09:58:33 +01:00
Dave Rodgman
7ed619d3fa Enable run-time detection for Thumb and Arm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 09:39:56 +01:00
Dave Rodgman
9bf752c45d Support MSVS with clang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 08:20:44 +01:00
Minos Galanakis
4855fdf887 Revert "Auto-generated files for v3.5.0"
This reverts commit 591416f32b.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-05 00:17:21 +01:00
Dave Rodgman
749f2227c6 Get MBEDTLS_MAYBE_UNUSED to cover more compilers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 22:12:33 +01:00
Dave Rodgman
04d0d06e83 Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 18:05:08 +01:00
Dave Rodgman
ebe4292a9c Improve behaviour on gcc targetting arm or thumb
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 17:36:44 +01:00
Dave Rodgman
793e264fbb Fix indentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 17:36:20 +01:00
Minos Galanakis
e35e387ad7 Bump library so-crypto, so-x509, so-tls versions.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-04 16:17:46 +01:00
Minos Galanakis
8f4c19a680 Merge pull request #8273 from davidhorstmann-arm:target-prefix-3rdparty
Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake
2023-10-04 16:03:22 +01:00
Dave Rodgman
feadcaf4a6 Support MBEDTLS_MAYBE_UNUSED in MSVC and IAR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 15:27:33 +01:00
Dave Rodgman
18ddf61a75 Use MBEDTLS_MAYBE_UNUSED to simplify aes.c and let compiler remove unused variables
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 14:03:12 +01:00
Dave Rodgman
1ec1a0f0cc Introduce MBEDTLS_MAYBE_UNUSED
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-04 13:50:54 +01:00
Minos Galanakis
591416f32b Auto-generated files for v3.5.0
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-04 00:55:02 +01:00
Minos Galanakis
31ca313efa Bump version to 3.5.0
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 21:57:51 +01:00
Dave Rodgman
cc5bf4946f Make SHA256 depend on Armv8, not aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-03 18:02:56 +01:00
Gilles Peskine
3713bee34c Remove leftover local debug line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 18:43:18 +02:00
Gilles Peskine
7910cdd47f Avoid compiler warning about size comparison
GCC warns about comparing uint8_t to a size that may be >255.

Strangely, casting the uint8_t to a size_t in the comparison expression
doesn't avoid the warning. So change the type of the variable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 16:11:05 +02:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:42:11 +02:00
Gilles Peskine
c29df535ee Improve robustness of ECDH public key length validation
In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to
validate what is written in handshake->xxdh_psa_peerkey. The previous code
was correct, but a little fragile to misconfiguration or maintenance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:39 +02:00
Gilles Peskine
c8df898204 Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:33 +02:00
Gilles Peskine
12c5aaae57 Fix buffer overflow in TLS 1.3 ECDH public key parsing
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:10 +02:00
Dave Rodgman
a06d45ec4a Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 18:59:34 +01:00
Dave Rodgman
450c1ff353 Fix some more incorrect guards in aes.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 16:23:37 +01:00
Gilles Peskine
16e9256fe8
Merge pull request #8272 from daverodgman/iar-warnings
Fix IAR warnings
2023-09-29 13:11:03 +00:00
Dave Rodgman
e81a632257 Restore missing #if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 13:54:27 +01:00
Dave Rodgman
782df03553 Improve AES hardware-only check
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 13:04:36 +01:00
David Horstmann
de527fbfe0 Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake
MBEDTLS_TARGET_PREFIX is prepended to the CMake targets for Mbed TLS
except for targets in 3rdparty. Change this so that 3rdparty targets use
the prefix as well.

This allows multiple copies of Mbed TLS to be used in the same CMake
tree when using code in the 3rdparty directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-28 18:39:33 +01:00
Dave Rodgman
90330a4a2d Fix IAR control bypasses initialisation warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:13:46 +01:00
Dave Rodgman
02a53d7bef Fix IAR pointless integer comparison
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:19:50 +01:00
Dave Rodgman
7e9af05409 Fix IAR control bypasses initialisation warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:08:49 +01:00
Dave Rodgman
73d8591f7f Fix IAR change of sign warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:00:50 +01:00
Gilles Peskine
42f8d5f0c9
Merge pull request #8261 from Mbed-TLS/fix-cmake-header-include
Add CMake include path for generated header
2023-09-28 15:16:15 +00:00
Manuel Pégourié-Gonnard
f07ce3b8ff Don't extend support for deprecated functions
Restore guards from the previous release, instead of the new, more
permissive guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-28 08:51:51 +02:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016
driver-only ECC: curve acceleration macros
2023-09-27 14:39:02 +00:00
David Horstmann
b7b4f23c38 Add CMake include path for generated header
Now that we are generating psa_crypto_driver_wrappers.h, we need to pass
build/library as an include directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-27 14:05:32 +01:00
Xiaokang Qian
e9dc63e069 No need to include the 3rd party entry point head file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
b909aeafa3 Remove useless spaces in Makefile
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
0e5b53c7e4 Move the dependency adjacent to the generated file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
1b61d6e13f Change include guards of psa_crypto_driver_wrappers_no_static.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
845693c513 Change comments to psa_crypto_driver_wrappers.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
fe9666b8c0 Change the extension type of the file psa_crypto_driver_wrapper
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
54a4fdfe91 Automaticly generate psa_crypto_driver_wrappers_no_static.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
97d1ccb781 Dont't generate object file for file only include static functions
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
42266dd670 Revert the Makefile to remove the dependency of generate_files
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
9345b2e98f Move functions out of the static file
Move get_key_buf_size/get_builtin_key out of
    the psa wrapper auto generated file
Slot_management.c include the head file instead of the source file

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
cad99fa998 Change code style
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e9c39c42fd Enable build of non-static psa wrapper functions
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e518eeada9 Move function psa_driver_wrapper_export_public_key out of auto-generated
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
5db65c72ec Remove static inline functions declare and make it only in c file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Xiaokang Qian
077ffc0991 Ensure build of P256 pass
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Xiaokang Qian
b862031afa Remove useless declaration
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Thomas Daubney
7046468a02 Define the psa wrapper functions as static inline
This is a commit from Thomas Daubney.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Gilles Peskine
391dd7fe87 Fix propagation of return value from parse_attribute_value_hex_der_encoded
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Gilles Peskine
7077781af5 Fix integer overflow with an input buffer larger than INT_MAX
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Gilles Peskine
25665781f6 Rewrite parse_attribute_value_hex_der_encoded()
Rename the function from parse_attribute_value_der_encoded: the hex aspect
seems important.

There was a buffer overflow due to not validating that the intermediate data
fit in the stack buffer. The rewrite doesn't use this buffer, and takes care
not to overflow the buffer that it does use.

Document all that's going on.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925
Merge development into development-restricted
2023-09-25 18:16:01 +01:00
Valerio Setti
c437faeaa1 psa_crypto: fix guards in mbedtls_ecc_group_to_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
f250ada3ab tls/oid: add PSA_WANT_ECC_xxx guards together with existing MBEDTLS_ECP_DP_xxx
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:40 +02:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called
Check set_padding has been called in mbedtls_cipher_finish
2023-09-25 17:12:36 +02:00
Minos Galanakis
21087754a5 x509_crt: Removed unused intsafe.h
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 15:17:38 +01:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
2023-09-25 16:16:26 +02:00
Minos Galanakis
a9bb34cd73 x509_crt: Removed length_as_int intermediate variable
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:42:41 +01:00
Minos Galanakis
59108d3f4d x509_crt: Adjusted the len of lpMultiByteStr arg in WideCharToMultiByte
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:23 +01:00
Minos Galanakis
08a67ccefd x509_crt: Set WideCharToMultiByte to use -1 for length.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

WideCharToMultiByte
2023-09-25 14:12:23 +01:00
Minos Galanakis
40995e1390 x509_crt: Removed checks for windows versions < WINXP
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
fac45fbafe entropy_poll: Removed checks for windows versions < WINXP
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
e8a5d1afbd entropy_poll: Updated documentation for entropy_poll loop.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
2c6e561ff8 entropy_poll.c: Added looping logic to mbedtls_platform_entropy_poll().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
4952f705ee Removed unsupported Visual Studio related code in entropy_poll.c and x509_crt.c.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
12b493f4dc entropy_poll/x509_crt: Added MBEDTLS_POP_TARGET_PRAGMA define guards.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00
Minos Galanakis
24a1c16fac library Makefile: Moved -lbcrypt to LOCAL_LDFLAGS
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00
Minos Galanakis
a277b210ff Code style fixes
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00