The general order is low-level first, top-level last, for the sake of
static function and avoiding forward declarations.
The obvious exception was functions that parse files that were at the
beginning; move them to the end.
Also start defining sections in the file; this is incomplete as I don't
have a clear view of the beginning of the file yet. Will continue in
further commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- new name starting with pk_ecc for consistency
- re-order params to match the PSA convention: buf, len, &size
- add comment about input consumption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- centralizes decision making about which version to use when
- avoids nested #ifs in pk_ecc_set_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Just moving code around. The two blocks do morally the same thing: load
the key, and grouping them makes the #if #else structure clearer.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- add a comment explain potentially surprising parameters
- avoid nesting #if guards: I find the linear structure #if #elif #else
makes the three cases clearer.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
There were two places that were calling either pk_update_ecparams() or
mbedtls_ecp_group_load() depending on the same guard. Factor this into a
single function, that works in both configs, so that callers don't have
to worry about guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- we don't use any ECDSA function here
- we only need to include ecp.h when supporting ECC keys
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It's also included later, guarded by support for ECC keys, and actually
that's the only case where we need it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This changes local variable name RCON to round_constants.
RCON being definition in xc32 compiler headers for some PIC32 register.
Without this change, mynewt project for PIC32 platform fails to build due to
macro redefinition.
This does not changes behavior of library in any way.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
GCC warns about comparing uint8_t to a size that may be >255.
Strangely, casting the uint8_t to a size_t in the comparison expression
doesn't avoid the warning. So change the type of the variable.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.
On error paths, emit a level-1 debug message. Report the offending sizes.
Downgrade an informational message's level to 3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to
validate what is written in handshake->xxdh_psa_peerkey. The previous code
was correct, but a little fragile to misconfiguration or maintenance.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_TARGET_PREFIX is prepended to the CMake targets for Mbed TLS
except for targets in 3rdparty. Change this so that 3rdparty targets use
the prefix as well.
This allows multiple copies of Mbed TLS to be used in the same CMake
tree when using code in the 3rdparty directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
