This patch updates the `mbedtls_mpi_mod_modulus_setup/free()`
methods to precalculate mm and rr(Montgomery const squared) during
setup and zeroize it during free.
A static `set_mont_const_square()` is added to manage the memory allocation
and parameter checking before invoking the
`mbedtls_mpi_core_get_mont_r2_unsafe()`
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.
Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.
This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.
With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
