MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.
Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.
Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.
The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.
Fix#4774
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.
No change to RSA because for RSA, the output size is trivial to calculate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* development: (66 commits)
Document the return type change in the migration guide
Fix return type of example key export callbacks
Add change log
psa: mac: Add driver dispatch tests for psa_mac_verify
psa: mac: Add driver delegation support for psa_mac_verify()
psa: mac: Introduce psa_mac_compute_internal
psa: mac: Add driver dispatch tests for psa_mac_compute
psa: mac: Improve MAC finalization code
psa: mac: Add driver delegation support for psa_mac_compute()
psa: mac: Add MAC compute builtin implementation
psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()
psa: mac: Split psa_mac_setup()
psa: mac: Re-organize psa_mac_setup() internal function
Move export callback and context to the end of SSL context
Improve ChangeLog wording for key export
Remove return value from key export callback
Make key export callback and context connection-specific
Remove all occurrences of TLS < 1.2 PRF identifier
Remote key export identifier used for TLS < 1.2.
Add missing documentation for key export callback parameters
...
mbedtls_mpi_read_binary{,_le} (in https://github.com/ARMmbed/mbedtls/pull/4276)
and mbedtls_mpi_read_string (in https://github.com/ARMmbed/mbedtls/pull/4644)
changed their behavior on an empty input from constructing an MPI object with
one limb to not allocating a limb. In principle, this change should be
transparent to applications, however it caused a bug in the library and it does
affect the value when writing back out, so list the change in the changelog.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>