Commit graph

23763 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
8e176f747c Fix wrong return statement
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
626aaed213 Fix unused variable warnings in some builds
Found by depends.py MBEDTLS_SHA512_C

In principle, the case where neither SHA-256 nor SHA-384 are available
should never occur, as both TLS 1.2 and TLS 1.3 depend on one of those
being defined. However for now dependencies for TLS 1.2 are not as tight
as they should be; this will be fixed later and is tracked as #6441.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
43cc127d3a Fix code style
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
e1a4caa934 Handle hash errors in calc_finished
That's the last family of functions. All calls to mbedtls_sha* and
psa_hash_* in library/ssl_tls.c are now checked for errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b9b564e64b Handle hash errors in calc_verify
On top on some calls not being checked, the PSA path was missing a call
to abort() on errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
df94901566 Handle hash errors in update_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b72ff498c9 Handle hash errors in reset_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b8b07aa24a Handle errors from functions that now return int
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
d7a7a23308 Use reset_checksum in reset_transcript_for_hrr
This function was manually resetting just the hash that would be used;
it's simpler to just call the function that resets all hashes. This also
avoids calling low-level code from TLS 1.3.

While at it, remove the guards about SHA-256 || SHA-384 that were around
update_checksum, as they are redundant: update_checksum already has
appropriate guards (and TLS 1.3 already depends on one of those tow
hashes being present anyway).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
537f231fd9 Split hash start out of handshake_params_init
This part can fail, so it shouldn't be intermixed with the part that
can't fail and is there to ensure all structures are in a clean state,
should any error happen.

Fortunately, the part that should be split out already had a function
doing it: reset_checksum. Also, handshake_params_init had only one
calling site to update.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
226aa15702 Make handshake hashing functions return int
There are three family of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.

This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.

There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far, it will also be handled in the next few commits.

There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Manuel Pégourié-Gonnard
d1c001aff7 Fix some dependencies in test_suite_psa_crypto
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:37:17 +01:00
Przemek Stekiel
a006f8c17b Adapt dependencies for parsing rfc822Name test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-21 13:36:56 +01:00
Manuel Pégourié-Gonnard
e91bcf31b6 Add comparison of accel_ecdh_use_psa against ref
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:07:19 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
Manuel Pégourié-Gonnard
59a2b8fd57 Add component accel_ecdh_use_psa
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard
e3095e7cb0 Add comments to accel_ecdh component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 12:19:06 +01:00
Gabor Mezei
f65a059a64
Add test generation for ecp_mod_p224_raw
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:40:27 +01:00
Gabor Mezei
7c8d706f4e
Use a common function to calculate the number of hex digits
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:36:49 +01:00
Gabor Mezei
aef0f2de9f
Fix limb size calculation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:35:31 +01:00
Gabor Mezei
e14b5bdba7
Change the ecp_mod_p224_raw to be testable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:35:26 +01:00
Gabor Mezei
66f88a9d22
Extract Secp224r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:32:29 +01:00
Gilles Peskine
787f7c8d10 Improve documentation of documentation workaround
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-21 10:21:12 +01:00
Gilles Peskine
6df4a9b297
Merge pull request #7045 from lpy4105/issue/6947/apply-exclusions-in-code_style_py
code_style.py: Apply exclusions when restyling a list of files
2023-02-21 10:11:13 +01:00
Jerry Yu
ba4ec24c79 fix code style failure
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:59:18 +08:00
Jerry Yu
baae4012bf merge setkey_enc* functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:28:03 +08:00
Jerry Yu
97b31d8ca3 Revert "Disable clang tests"
This reverts commit e908c57f95.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:16:20 +08:00
Jerry Yu
330e6ae111 Add document about runtime detection of AESCE
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:16:20 +08:00
Jerry Yu
c8bcdc8b91 fix various issues
- Improve some function names
- Improve comments
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:16:20 +08:00
Pengyu Lv
5e780df3e3 Only use standard cipher name
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-21 14:19:27 +08:00
David Horstmann
a4fad2ba67 Correct error code in test_suite_x509parse.data
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:57:47 +00:00
Dave Rodgman
716163e824 Improve allocation bounds in testing
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-20 14:46:51 +00:00
Dave Rodgman
a1b2bfff46 Add clarifying comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-20 14:45:09 +00:00
David Horstmann
5b5a0b618c Change error codes to more appropriate codes
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:24:12 +00:00
Przemek Stekiel
82d250d8b0 Use const char for names and adapt style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
5b9e4168cf Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
d7820b7026 Add change log entry: SAN rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
608e3efc47 Add test for parsing SAN: rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
ecee12f04f Add parsing of SAN: rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Minos Galanakis
a30afe2216 ecp_curves: Minor refactoring.
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:53:06 +00:00
Minos Galanakis
36f7c0e69b test_suite_ecp: Added .data for ecp_setup_test()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:51:49 +00:00
Minos Galanakis
9a1d02d738 test_suite_ecp: Added test for mbedtls_ecp_modulus_setup()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:51:48 +00:00
Minos Galanakis
dd556921c9 ecp_curves: Exposed mbedtls_ecp_modulus_setup() through ecp_invasive.h
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:50:41 +00:00
Minos Galanakis
d2ca802329 ecp_curves: Added mbedtls_ecp_modulus_setup().
This patch introduces a new static method, responsible
for automatically initialising an modulus structure,
based on the curve id and a modulus type selector.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:49:46 +00:00
Janos Follath
ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction
Add a raw entry point to Secp521r1 fast reduction
2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard
9e04b5bcfc Disable MD-light in accel_hash_use_psa
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-20 12:53:23 +01:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Pengyu Lv
1c0e4c013a compat.sh: skip static ECDH cases if unsupported in openssl
This commit add support to detect if openssl used for testing
supports static ECDH key exchange. Skip the ciphersutes if
openssl doesn't support them.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-20 18:05:21 +08:00
Paul Elliott
f8e5b56ad8 Fix get_num_ops internal code.
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-19 18:55:10 +00:00