Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
...
Rename, move and refine PSA to mbedtls PK errors mappings
2022-03-03 13:30:29 +01:00
Gilles Peskine
644b3f6072
Unify module documentation with --help text
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:23:09 +01:00
Gilles Peskine
93c2a42166
Don't require ABI tools if not checking the ABI
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:22:36 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
...
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8
...
build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:33 +01:00
Gilles Peskine
e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes
...
Move max sizes of RSA & EC DER keys into public header
2022-03-02 16:41:53 +01:00
Przemek Stekiel
38df86cc6c
Simplyfy asymmetric_decrypt() test function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 09:11:04 +01:00
Przemek Stekiel
e894c5c4a5
Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 08:45:56 +01:00
Gilles Peskine
a9b4c436ee
Merge pull request #5588 from gilles-peskine-arm/mypy-on-jenkins
...
Make mypy unconditional
2022-03-01 20:48:42 +01:00
Gilles Peskine
e356f075f5
Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201
...
PSA driver description spec: minor tweaks to the JSON format
2022-03-01 20:46:14 +01:00
Gilles Peskine
92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140
...
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
2022-03-01 20:45:54 +01:00
Dave Rodgman
2cf0d4f072
Merge pull request #5584 from gilles-peskine-arm/cmake-Wunused-function
...
Build tests with -Wunused-function with cmake
2022-03-01 19:17:16 +00:00
Paul Elliott
06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify
...
TLS1.3: Add write client Certificate and CertificateVerify
2022-03-01 18:42:00 +00:00
Przemek Stekiel
4400be408b
Adapt test cases for invalid bits with and without ECC keys enabled
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:02:46 +01:00
Przemek Stekiel
15565eeb59
Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:01:39 +01:00
Neil Armstrong
19915c2c00
Rename error translation functions and move them to library/pk_wrap.*
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 15:21:02 +01:00
Przemek Stekiel
a81aed2dae
Clean up init values of psa crypto status and fix switch default case
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 15:13:30 +01:00
Przemek Stekiel
f110dc05be
Clenup conditional compilation flags.
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:48:05 +01:00
Przemek Stekiel
dcab6ccb3b
Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled.
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:29:49 +01:00
Neil Armstrong
0f49f83625
Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:05:33 +01:00
Neil Armstrong
e9ecd27890
Rename max sizes of RSA & EC DER keys defines
...
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:03:21 +01:00
Neil Armstrong
e0326a6acc
Move max sizes of RSA & EC DER keys into private pkwrite.h
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 09:58:58 +01:00
Gilles Peskine
5831b4fd77
Merge pull request #5372 from AndrzejKurek/doxygen-fixes-compact-doxyfile
...
Remove default values and comments from mbedtls.doxyfile
2022-02-28 23:49:15 +01:00
Neil Armstrong
4766f99fe5
Add multi-part mac sign/verify test
...
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 18:37:30 +01:00
Gilles Peskine
f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs
...
doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:45 +01:00
Gilles Peskine
0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development
...
Add check_config checks for AEAD
2022-02-28 17:07:48 +01:00
Gilles Peskine
254efe5f0c
Make mypy unconditional
...
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:06:36 +01:00
Neil Armstrong
60234f87a6
Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences"
...
This reverts commit 3ccd08b343
.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 15:21:38 +01:00
Gilles Peskine
9c656ec718
Fix unused function warning
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:56:12 +01:00
Gilles Peskine
d5438a5678
Enable -Wunused-function in cmake builds for tests
...
This has been the case when building with make since
d3d8a64dfa
. Be consistent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:54:41 +01:00
Glenn Strauss
0ebf24a668
Adjust comment describing mbedtls_ssl_conf_sni()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
48a37f01b3
Add cert_cb use to programs/ssl/ssl_server2.c
...
(for use by some tests/)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0
Add server certificate selection callback
...
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93
Add changelog entry for zeroizing key buffers before freeing
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 16:53:11 +01:00
Neil Armstrong
3ccd08b343
Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 16:15:08 +01:00
Neil Armstrong
ee9686b446
Fix style issue in hash_setup()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:47:34 +01:00
Gilles Peskine
9a34b60a99
Merge pull request #5576 from AndrzejKurek/raw-key-agreement-destroy-missing
...
Add missing key destruction calls in ssl_write_client_key_exchange
2022-02-25 13:34:08 +01:00
Steven Cooreman
cd5be32191
Erase secrets in allocated memory before freeing said memory
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 11:14:59 +01:00
Andrzej Kurek
a0237f86d3
Add missing key destruction calls in ssl_write_client_key_exchange
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:36:40 -05:00
Tom Cosgrove
7e7aba8c9d
Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support()
...
The Mbed TLS coding standard specifies that "check" functions must return 0
for success (i.e. feature present), while "has" functions should return 1 for
true. Since we were using "check" to do the actual check, and "has" to get the
cached value, having inverted values here would be confusing. Therefore,
rename "check" to "determine", as that's what those functions are doing.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-24 08:33:11 +00:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8
...
Fixes https://github.com/ARMmbed/mbedtls/issues/4205
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-02-23 23:13:09 +01:00
Jerry Yu
71f36f1d2e
change alert message type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 17:34:29 +08:00
Jerry Yu
0b7b101b3b
fix warnings
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 12:26:48 +08:00
Jerry Yu
2ff6ba1df0
Remove rsa_pss_rsae_sha256 support.
...
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Gilles Peskine
790f7428d2
Storage format test regressions are now checked mechanically
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:16:42 +01:00
Gilles Peskine
ca586a53e8
Look at manually written read tests as well
...
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).
Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:12:47 +01:00
Przemyslaw Stekiel
91ebfc0402
Adapt compilation flags for ECC key derivation
...
Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 15:50:30 +01:00
Neil Armstrong
3f9cef4547
Remove actual and use new PSA to mbedtls PK errors mapping functions
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 15:44:39 +01:00