Move the global variable to the PSA layer, and just set that when calling PSA
level functions.
Move the internal ecp set to before each ecp call.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:
290f01b3f5e7f8c616d0f7641544ea
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable
MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the
full PSA crypto feature set. Historically, we didn't have a good place for
configuration modification, so we did this early in the crypto.h include
tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that.
Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before, if psa/crypto_platform.h was overridden and the override didn't
include "mbedtls/build_info.h", it was possible to end up with parts of
the headers not taking the library configuration into account, if no
mbedtls header was included before "psa/crypto.h". Make sure that
the mbedtls configuration is visible from the start, no matter what is
or is not in the platform header.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change name and document to ensure suitability only for "tags" is explicit. Add
support for output size of zero in PSA_SUCCESS case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The mechanism of detecting unsupported ciphersuites
for OpenSSL client doesn't work on a modern OpenSSL.
At least, it fails on Travis CI which is installed
with OpenSSL 1.1.1f. So we need to skip ECDH cipher-
suites for O->m.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Also while at it, fix debug level for existing DEBUG_RET: errors should
always be level 1.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Found by depends.py MBEDTLS_SHA512_C
In principle, the case where neither SHA-256 nor SHA-384 are available
should never occur, as both TLS 1.2 and TLS 1.3 depend on one of those
being defined. However for now dependencies for TLS 1.2 are not as tight
as they should be; this will be fixed later and is tracked as #6441.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
That's the last family of functions. All calls to mbedtls_sha* and
psa_hash_* in library/ssl_tls.c are now checked for errors.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
On top on some calls not being checked, the PSA path was missing a call
to abort() on errors.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.
This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This function was manually resetting just the hash that would be used;
it's simpler to just call the function that resets all hashes. This also
avoids calling low-level code from TLS 1.3.
While at it, remove the guards about SHA-256 || SHA-384 that were around
update_checksum, as they are redundant: update_checksum already has
appropriate guards (and TLS 1.3 already depends on one of those tow
hashes being present anyway).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This part can fail, so it shouldn't be intermixed with the part that
can't fail and is there to ensure all structures are in a clean state,
should any error happen.
Fortunately, the part that should be split out already had a function
doing it: reset_checksum. Also, handshake_params_init had only one
calling site to update.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
There are three family of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.
This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.
There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far, it will also be handled in the next few commits.
There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>