Commit graph

863 commits

Author SHA1 Message Date
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check
TLS 1.3: Add missing overread check
2022-06-29 17:01:14 +01:00
Tom Cosgrove
afb2fe1acf Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-06-29 16:36:12 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Dave Rodgman
1dc6848679
Merge pull request #5976 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-development
Remove largely useless bit of test log to silence GCC 12
2022-06-29 15:25:04 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2
Fix null pointer dereference in mpi_mod_int(0, 2)
2022-06-29 15:02:59 +01:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma
Fix output of commas and other special characters in X509 DN values
2022-06-28 21:00:49 +02:00
Gilles Peskine
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development
Changelog improvements before the 3.2 release
2022-06-28 21:00:10 +02:00
Glenn Strauss
999ef70b27 Add accessors to config DN hints for cert request
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-28 12:43:59 -04:00
Gilles Peskine
bf918b9cfe Use headlinese for added functions, per request
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 23:34:32 +02:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448
Fix order value for curve x448
2022-06-27 13:47:24 +01:00
Gilles Peskine
251ca25d94 Clarify potential ambiguity in changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 14:47:15 +02:00
Werner Lewis
fd8cfe4f8e Replace parsing with outputting
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Ronald Cron
e0d7367a9e Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks
TLS 1.3: Fix certificate key usage checks
2022-06-27 08:32:17 +02:00
Gilles Peskine
0ff241a1ea Remove largely useless bit of test log to silence GCC 12
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-25 14:29:23 +02:00
Paul Elliott
668b31f210 Fix the wrong variable being used for TLS record size checks
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-06-24 20:09:37 +01:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Andrzej Kurek
5708b45154 Add a changelog entry for the session resumption + CID bug
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-23 08:00:14 -04:00
Manuel Pégourié-Gonnard
19a567ba43 Fix impact evaluation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
32a38dfec5 Add ChangeLog for potential overread with USE_PSA
The issue was fixed while adding support for static ECDH with Opaque
keys: https://github.com/Mbed-TLS/mbedtls/pull/5624

This is just adding the ChangeLog entry for that fix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
Gilles Peskine
98473c4523 Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:46:22 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Ronald Cron
c3e9abedff Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-20 13:53:50 +02:00
Werner Lewis
b3acb053fb Add mbedtls_x509_dn_get_next function
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Gilles Peskine
321a08944b Fix bug whereby 0 was written as 0200 rather than 020100
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Andrzej Kurek
96d5439da5 Fix incorrect changelog entry
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-10 04:26:08 -04:00
Gilles Peskine
ae25bb043c Fix null pointer dereference in mpi_mod_int(0, 2)
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
Gilles Peskine
76c1c6b9c1 Changelog: minor copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:51:18 +02:00
Gilles Peskine
e1efbf7f36 Changelog: when adding a new function, state its name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:50:50 +02:00
Gilles Peskine
c23a6d4feb Changelog: make some long entries about TLS 1.3 more to the point
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:50:06 +02:00
Gilles Peskine
26a51cfe54 Changelog: list deprecations in the dedicated section
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:49:07 +02:00
Gilles Peskine
8df3623bee Changelog: clarify some cmake-related entries as being about cmake
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:48:21 +02:00
Gilles Peskine
fed024dd52 Changelog: mention bug id in bugfix entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:44:51 +02:00
Gilles Peskine
d99083f7a4 Changelog: remove bugfix entry that's actually a robustness improvement
If the key agreement or the public key export in
ssl_write_client_key_exchange() fails, the handshake enters a failed state.
The only valid thing you can do in a failed handshake is to abort it, which
calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While
it's good hygiene to destroy the key in the function that creates it, it
would have been cleaned up a little later in the normal course of things
anyway, so there wasn't an actual bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:38:35 +02:00
Gilles Peskine
3ea721e234 Changelog: Remove redundant entry about USE_PSA_CRYPTO in reduced configs
The entry for “Fix several bugs…” already covers this. This is borderline an
internal detail anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:36:47 +02:00
Gilles Peskine
10301d4322 Changelog: Consolidate and clarify Armv8 SHA2 acceleration support
Consolidate the entries for SHA512 and SHA256 since they are being released
together.

List the algorithms generically as SHA-2 since this also applies to SHA224
and SHA384.

Clearly state that the instructions are only supported when building for
Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 18:32:22 +02:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
Ronald Cron
5313f034b4 Add change log
Add change log for the bug fixed in
"fix move state to handshake over fail" commit

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-08 09:26:03 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
e6487ab490 Add a changelog entry for the cookie parsing bounds bug
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:31:08 -04:00
Dave Rodgman
5e03d9e601
Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support
Allow building as a subdir
2022-06-06 14:11:06 +01:00
Przemek Stekiel
452a415476 Changelog: HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Thomas Daubney
3d3cfc5553 Add Changelog entry
Add Changelog entry for changes made in this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Gilles Peskine
f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program
Rewrite x25519 example program
2022-05-31 11:27:22 +02:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Dave Rodgman
3527880849 Add Changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-30 17:55:13 +01:00
Dave Rodgman
a636d1f192
Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc
Enable static linking of the common runtime in MSVC
2022-05-25 14:47:58 +01:00
Dave Rodgman
32c995afa3
Merge pull request #5724 from Biswa96/cmake-mingw
cmake: Fix runtime library install location in mingw
2022-05-25 13:34:43 +01:00
Robert Shade
591e729b54 Allow building as a subdir
Fixes #5688

Signed-off-by: Robert Shade <robert.shade@gmail.com>
2022-05-21 12:55:12 -04:00
Thomas Daubney
eff0f3f5be Add changelog entry
Add changelog entry for bug fix in sample program.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-20 18:46:02 +01:00
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Dave Rodgman
3383e432bc Add changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-10 13:46:09 +01:00
Przemek Stekiel
fd750d1d9a Add change log entry: deprecate mbedtls_cipher_setup_psa
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 12:45:34 +02:00
Pol Henarejos
f72803d6f9
Removing tabs.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-05 20:12:13 +02:00
Pol Henarejos
030e802198
Added Changelog entry.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-05 19:28:15 +02:00
Werner Lewis
b374a98e7d Add ChangeLog entry
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 16:25:53 +01:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
4acd3c7ab1
Merge pull request #5776 from mprse/mixed_psk_log
Add change log entry for mixed-psk
2022-04-28 18:14:41 +02:00
Gilles Peskine
f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
2022-04-28 18:13:55 +02:00
Hanno Becker
002a7b20ec Adapt ChangeLog
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:40 +02:00
Przemek Stekiel
b51561b017 Add change log entry for mixed-psk
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-25 08:52:26 +02:00
Biswapriyo Nath
d7e0ee42b8 cmake: Fix runtime library install location in mingw
This install DLLs in bin directory instead of lib.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:50 +05:30
Biswapriyo Nath
0f2e87bdf5 cmake: Use GnuInstallDirs to customize install directories
Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable.
For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set.

Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>
2022-04-22 20:59:28 +05:30
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Glenn Strauss
d09b343ffc Deprecate mbedtls_ssl_conf_(min/max)_version()
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()

Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Gilles Peskine
5dc8a0ac5a Wording improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:46:06 +02:00
Gilles Peskine
70b8a69b20 Add changelog entry for #3998 fix
The fix was in https://github.com/ARMmbed/mbedtls/pull/4989.
We forgot to add a changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 16:14:01 +02:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant
Make mbedtls_ssl_send_alert_message() reentrant
2022-04-12 11:05:20 +02:00
Manuel Pégourié-Gonnard
eaf3086831
Merge pull request #1133 from RonEld/1805
Fix Shared Library compilation issue with Cmake
2022-04-11 09:31:59 +02:00
Krzysztof Stachowiak
8790fa2088 Add ChangeLog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 15:17:47 +01:00
Dave Rodgman
f945e0a475 Update ChangeLog.d/alert_reentrant.txt
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:59:30 +01:00
Hanno Becker
8813c03cb0 Add ChangeLog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:55 +01:00
Gilles Peskine
f4c6eb0a49 Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Przemek Stekiel
2076cbe511 Add function name to changelog
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:22:11 +02:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Paul Elliott
93ba3e3918 Add mbedtls_ssl_is_handshake_over() function
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-22 22:47:49 +00:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Paul Elliott
a5bebc297b Add changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:27:25 +00:00
Przemek Stekiel
815af94905 Add ChangeLog file
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 15:10:31 +01:00
Ron Eldor
183264cb95 Fix shared library link error with cmake on Windows
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-17 12:07:50 +00:00
Gilles Peskine
08622b6dc7 Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.

Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.

This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Przemek Stekiel
b38f797a24 Add change log entry for psa ECC key derivation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-11 14:12:34 +01:00