There are three family of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.
This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.
There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far, it will also be handled in the next few commits.
There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch introduces a new static method, responsible
for automatically initialising an modulus structure,
based on the curve id and a modulus type selector.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit add support to detect if openssl used for testing
supports static ECDH key exchange. Skip the ciphersutes if
openssl doesn't support them.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
See docs/architecture/psa-migration/md-cipher-dispatch.md
Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.
Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
