mbedtls

Author	SHA1	Message	Date
Gilles Peskine	5b7e1644a7	Document the need to call psa_crypto_init() with USE_PSA_CRYPTO When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call psa_crypto_init() before directly or indirectly calling cipher or PK code that will use PSA under the hood. Document this explicitly for some functions. To avoid clutter, this commit only documents the need to call psa_crypto_init() in common, non-obvious cases: parsing a public key directly or via X.509, or setting up an SSL context. Functions that are normally only called after such a function (for example, using an already constructed PK object), or where the need for PSA is obvious because they take a key ID as argument, do not need more explicit documentaion. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:10:29 +01:00
Gilles Peskine	a8d7e438e6	Move non-boolean config options to the proper section Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:10:20 +01:00
Gilles Peskine	8c2830a06a	Document what "TLS 1.3 depends on PSA" entails Explicitly document that when using TLS 1.3, you must initialize PSA crypto before starting a handshake. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:06:35 +01:00
Dave Rodgman	f4385faa6f	Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail Interruptible {sign\|verify} hash - Call complete() after start() failure.	2023-03-01 17:18:08 +00:00
Paul Elliott	42585f678b	Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements Interruptible {sign\|verify} hash verification test improvements	2023-03-01 15:00:45 +00:00
Paul Elliott	ebf2e38662	Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing Interruptible sign hash improve num ops testing	2023-03-01 14:59:44 +00:00
Paul Elliott	de7c31e082	Improve comment wording Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-01 14:43:52 +00:00
Paul Elliott	d1cddff71a	Merge pull request #7189 from daverodgman/armcc-fix Fix macro redefinition warning from armclang	2023-03-01 11:59:26 +00:00
Gilles Peskine	1eae11565d	Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests Replace fuzzer-generated PKCS #7 memory management tests	2023-03-01 10:46:22 +01:00
Gilles Peskine	802ff1b116	Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers Remove driver entry points for psa_{get\|set}_max_ops()	2023-03-01 10:46:09 +01:00
Dave Rodgman	914c632646	Whitespace Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-01 09:30:14 +00:00
Dave Rodgman	e47899df20	Fix macro redefinition warning from armcc Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-28 17:39:03 +00:00
Paul Elliott	7c17308253	Add num_ops tests to sign and verify interruptible hash This is the only test usable for non-deterministic ECDSA, thus needs this code path testing as well. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	8359c14c14	Add hash corruption test to interruptible verify test Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	c1e0400bac	Add test to check not calling get_num_ops() Make sure that not calling get_num_ops() inbetweeen calls to complete() does not mean that ops get lost (Regression test for previous fix). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	9e8819f356	Move 'change max_ops' test into ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	5770224ef3	Rename max ops tests to ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Gilles Peskine	7e677fa2c5	Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite Remove pkwrite dependency in pk using PSA for ECDSA	2023-02-28 18:17:16 +01:00
Gilles Peskine	b52b788e55	Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension Add AES with armv8 crypto extension	2023-02-28 18:16:37 +01:00
Paul Elliott	587e780812	Test calling complete() after {sign\|verify}_hash_start fails Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:13:39 +00:00
Gilles Peskine	e4616830b3	Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail compat.sh: Skip static ECDH cases if unsupported in openssl	2023-02-28 18:11:39 +01:00
Dave Rodgman	17152df58d	Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments Interruptible sign hash test comments	2023-02-28 17:09:43 +00:00
Gilles Peskine	ebb63420cc	Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only Fix test to check output length on PSA_SUCCESS only	2023-02-28 18:09:33 +01:00
Bence Szépkúti	35d674a6ee	Replace usage of echo -e in pkcs7 data Makefile This use of the shell builtin is not portable. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 17:01:21 +01:00
Dave Rodgman	ffb4dc38c8	Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 Interruptible {sign\|verify} hash : Change max_ops=min tests to use a value of zero.	2023-02-28 15:56:01 +00:00
Bence Szépkúti	4a2fff6369	Fix expected error code This was overlooked during the rebase. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 16:40:27 +01:00
Paul Elliott	6a459f5de5	Merge pull request #7143 from paul-elliott-arm/interruptible_sign_hash_codestyle_wipeout Update psa_wipe_output_buffer() and change name to psa_wipe_tag_output_buffer()	2023-02-28 15:34:06 +00:00
Paul Elliott	148903ca7d	Merge pull request #7185 from paul-elliott-arm/interruptible_sign_hash_pacify_clang Interruptible {sign\|verify} hash - Pacify Clang 15	2023-02-28 15:31:15 +00:00
Jerry Yu	608e1093de	Improve comment about conflicts between aesce and sha512-crypto Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-28 12:50:00 +08:00
Paul Elliott	15d7d43904	Pacify Clang 15 Changes for interruptible {sign\|verify} hash were not merged at the time of the previous clang 15 /retval fixes, thus this fixes code added at that time. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 17:25:57 +00:00
Dave Rodgman	dd4427cc5b	Merge pull request #7169 from AndrzejKurek/mpi-window-size Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2	2023-02-27 17:12:38 +00:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Paul Elliott	cd7e8bce03	Change max_ops=min tests to use zero Zero is the minimum value defined by the spec, just because the internal implementation treats zero and one as the same thing does not mean that other implementations will also do so. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 12:21:36 +00:00
Stephan Koch	5819d2c141	Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check escalates into a buffer overflow in the application code Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:49:13 +01:00
oberon-sk	10c0f770ce	asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:48:51 +01:00
Paul Elliott	c2033502f5	Give edge case tests a better name Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Paul Elliott	c7f6882995	Add comments to each test case to show intent Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Paul Elliott	7118d17df1	Pacify code style checker Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 16:57:05 +00:00
Paul Elliott	dc42ca8a7e	Use psa_wipe_tag_buffer() for MAC and aead code. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-24 18:11:59 +00:00
Paul Elliott	7bc24cc512	Fix typos in documentation. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-24 18:04:16 +00:00
Paul Elliott	a16ce9f601	Remove driver entry points for {get\|set}_max_ops(). Move the global variable to the PSA layer, and just set that when calling PSA level functions. Move the internal ecp set to before each ecp call. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-24 14:44:18 +00:00
Bence Szépkúti	248971348b	Replace fuzzer-generated PKCS7 regression tests This commit adds well-formed reproducers for the memory management issues fixed in the following commits: `290f01b3f5` `e7f8c616d0` `f7641544ea` Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-24 15:31:03 +01:00
Andrzej Kurek	86f30ff626	Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790, after introducing side-channel counter-measures to bignum, the performance of RSA decryption in correlation to the MBEDTLS_ECP_WINDOW_SIZE has changed. The default value of 2 has been chosen as it provides best or close-to-best results for tests on Cortex-M4 and Intel i7. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-24 07:51:21 -05:00
Paul Elliott	a3b625b0a1	Merge pull request #7098 from gilles-peskine-arm/retval-non-empty Pacify Clang 15 about empty \retval	2023-02-24 09:10:53 +00:00
Jerry Yu	c66deda4c5	Add explanation for aesce limitation Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-24 11:42:07 +08:00
Jerry Yu	aa18c4bf96	Add comments about travis test. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-24 11:18:41 +08:00
Jerry Yu	ba1e78f1c2	fix code style and comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-24 11:18:16 +08:00
Gilles Peskine	2fb4e14397	Words. Use them! Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-23 13:37:54 +01:00
Gilles Peskine	4348a83bc8	Further documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-23 13:03:30 +01:00
Pengyu Lv	9e7bb2a92c	Update some comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-23 16:03:56 +08:00

1 2 3 4 5 ...

23650 commits