yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
18855 commits 1 branch 0 tags 94 MiB
Commit graph

8173 commits

Author SHA1 Message Date
Przemyslaw Stekiel
d4eab57933 Skip psa encryption/decryption for null cipher 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
ce09e7d868 Use psa_status_to_mbedtls() for psa error case 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
fe7397d8a7 Fix key attributes encrypt or decrypt only (not both) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
dd7b501c92 Move PSA init after taglen is set 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e87475d834 Move psa_status_to_mbedtls to ssl_misc.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
8398a67e31 Fix description of the translation function 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
2e9711f766 mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
b37fae122c mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
76e1583483 Convert psa status to mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ffccda45df ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ce37d11c67 mbedtls_ssl_transform_free(): fix destruction of psa keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
8f80fb9b1d Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
44187d7a3e Extend mbedtls_ssl_transform struct for psa keys and alg 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
430f337b49 Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys 
Swap the client and server random for TLS 1.3 f_export_keys
 2022-01-28 12:09:19 +00:00
Xiaofei Bai
6d42bb430c Update mbedtls_ssl_handshake_free() 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard
f7d704dbd2 Avoid dead code in some configurations 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 10:05:56 +01:00
Xiaofei Bai
f5b4d25cfa Add received_sig_algs member to struct mbedtls_ssl_handshake_params 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 06:37:15 +00:00
Jerry Yu
fb28b88e26 move client_auth to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-28 11:05:58 +08:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
XiaokangQian
8499b6ce25 Only free verify_cookie in tls 1.3 case. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 09:00:11 +00:00
Xiaofei Bai
82f0a9a1db Rebase and address review comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df Change cookie free code and some comments 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 02:25:04 +00:00
Tautvydas Žilys
60165d7708 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-26 15:44:10 -08:00
XiaokangQian
52da558103 Change code base on comments 
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
aec1f3e913 Cookie fields are used only by DTLS 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
b119a35d07 Refine fatal alert in parse_server_hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
d59be77ce7 Refine code based on comments 
Add comments for parse hrr key share and cookie
Change variable names based on RFC8466
Refine fatal allerts in parse server hello and hrr

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
0ece998287 Refine code in mbedtls_ssl_reset_transcript_for_hrr 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
f1e7d12cb6 Fix compile issues in mbedtls_ssl_session_reset_msg_layer 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
43550bd761 Prepare function to parse hrr cookie extension 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
2b01dc30cb Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments 
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments 
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
53f20b71c5 Improve ssl_tls13_parse_server_hello 
Avoid coping random bytes in hrr
Send illegal parameter alert when cipher suite mismatch
Send illegal parameter alert when supported_version not exist

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
d9e068e10b Change code based on comments 
Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
8945db36ab Reduce paramter hrr from ssl_tls13_parse_server_hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
b48894eca4 Add buffer check for named group 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
16acd4b3e4 Reject the second HRR earlier and align naming styles 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
b851da8a44 Re-construct the code to merge hello and hrr based on comments 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
51eff22c9b Align oode style with server hello parse 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
647719a172 Add hello retry request in client side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:50:06 +00:00
Xiaofei Bai
69fcd39774 Update CertificateRequest tests and the parsing function 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:32:29 +00:00
Xiaofei Bai
de3f13e0b8 update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Xiaofei Bai
f6d3696eda fix test failures 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Xiaofei Bai
a0ab777cfc update based on comments. 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Xiaofei Bai
e1e344213a Add TLS1.3 process certificate request 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:52 +00:00
Ronald Cron
f51b79c297
Merge pull request #5355 from yuhaoth/pr/remove-duplicate-sig-alg-ext 
Remove duplicate write signature algorithms extension
The failure of ABI-API-checking is expected.
 2022-01-26 10:05:26 +01:00
Jerry Yu
ed5e9f431d Change ecdsa sig_algs order for tls1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-26 12:41:12 +08:00
Manuel Pégourié-Gonnard
9d95d81eae
Merge pull request #5359 from hanno-arm/mpi_montmul_remove_dead_code 
Remove redundant write operation in Montgomery multiplication
 2022-01-25 13:00:19 +01:00
Jerry Yu
0b994b8061 fix typo error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 17:22:12 +08:00
Jerry Yu
53037894ab change the defaut sig_algs order 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
18c833e2eb fix tls1_2 only sig_algs order issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
f377d644f5 Refactor duplicate check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
6ade743a43 Add mbedtls_printf alias for !PLATFORM_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 14:38:01 +08:00
Jerry Yu
370e146acb fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
909df7b17b Refactor *_sig_algs tables 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
b476a44fc6 Add static assert check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
971988528d fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
941e07ff02 fix test_no_platform fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
1a8b481ce6 Remove duplicated signature algorithm in default settings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
600ded7ea5 Reserve end tag space at sig_algs_len init. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
a68dca24ee move overflow inside loop 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
8afd6e4308 fix typo issues in comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
eb821c6916 remove check_sig_hash 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
24811fb2e0 replace check_sig_hash with is_offered 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
1bab301c0d Add signature algorithm supported check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
7ddc38cedb fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
4131ec1260 Add signature algorithm length check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
a69269a711 change sig_algs_len unit to byte 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
713013fa80 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
e12f1ddcfa fix check names fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
11f0a9c2c4 fix deprecated-declarations error 
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
6106fdc085 fix build fail without TLS13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203 merge write sig_alg of tls12 and tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_misc.h
 2022-01-25 12:46:17 +08:00
Jerry Yu
1abd1bc22f Change write_sig_alg_ext of tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
2d0bd32982 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Jerry Yu
0e5bcb6bf5 Replace directly access for sig_hashes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Jerry Yu
08e2ceae18 Remove directly access for tls13_sig_algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Jerry Yu
afdfed16d0 add get sig_algs helper function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Jerry Yu
18cd43909b Align signature_algorithms extension name 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Dave Rodgman
b032685543
Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc 
mbedtls_pk_parse_key: don't allocate if not needed
 2022-01-24 10:03:48 +00:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup 
Detect invalid tag lengths in psa_aead_setup
 2022-01-21 21:46:37 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes 
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-01-21 21:46:08 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup 
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-20 07:40:12 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes 
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
 2022-01-18 09:16:25 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext 
Remove duplicate function for writing supported_groups extension
 2022-01-17 09:13:14 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat 
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
 2022-01-14 10:41:06 +01:00
Bence Szépkúti
aa3a6e4ea7 Fix brace placement 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 16:26:03 +01:00
Bence Szépkúti
39fb9d170b Rename helper function to psa_aead_check_algorithm 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 14:33:45 +01:00
Jerry Yu
d491ea4f18 fix comment issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-13 16:15:25 +08:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00
Jerry Yu
b925f21806 fix comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 11:17:02 +08:00
Jerry Yu
f0fede56a6 minor performance improvement 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:57:47 +08:00
Jerry Yu
1510cea0f3 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9 Add named group IANA value check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058 skip some extensions if ephemeral not enabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321 Refactor write supported group 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 15:43:53 +08:00
Hanno Becker
bae3023576 Make more use of helper function for init/free of MPI array 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-11 05:06:54 +00:00
Jerry Yu
7f029d8a94 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 11:08:53 +08:00
Hanno Becker
466df6e713 Introduce helper function for init/free of MPI array 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-10 11:24:42 +00:00
Hanno Becker
ac4d4bc97c Improve documentation of ECP module 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-09 06:34:04 +00:00
Hanno Becker
ee95f6c4c9 Don't allow Z coordinate being unset in ecp_add_mixed() 
Previously, ecp_add_mixed(), commputing say P+Q, would allow for the
Q parameter to have an unset Z coordinate as a shortcut for Z == 1.
This was leveraged during computation and usage of the T-table
(storing low multiples of the to-be-multiplied point on the curve).
It is a potentially error-prone corner case, though, since an MPIs
with unset data pointer coordinate and limb size 0 is also a valid
representation of the number 0.

As a first step towards removing ECP points with unset Z coordinate,
the constant time T-array getter ecp_select_comb() has previously
been modified to return 'full' mbedtls_ecp_point structures,
including a 1-initialized Z-coordinate.

Similarly, this commit ...

- Modifies ecp_normalize_jac_many() to set the Z coordinates
  of the points it operates on to 1 instead of freeing them.

- Frees the Z-coordinates of the T[]-array explicitly
  once the computation and normalization of the T-table has finished.

  As a minimal functional difference between old and new code,
  the new code also frees the Z-coordinate of T[0]=P, which the
  old code did not.

- Modifies ecp_add_mixed() to no longer allow unset Z coordinates.

Except for the post-precomputation storage form of the T[] array,
the code does therefore no longer use EC points with unset Z coordinate.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-09 05:52:40 +00:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD 
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-07 19:36:07 +01:00
Hanno Becker
c27a0e0093 Add more wrappers for ECP MPI operations 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-06 09:21:50 +00:00
Hanno Becker
595616e5cd Add more wrappers for internal ECP coordinate operations 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-06 05:12:02 +00:00
Hanno Becker
6a28870b1e Make ecp_select_comb() create valid EC point with Z coordinate set 
ecp_select_comb() did previously not set the Z coordinate of the target point.
Instead, callers would either set it explicitly or leave it uninitialized,
relying on the (only partly upheld) convention that sometimes an uninitialized
Z value represents 1.

This commit modifies ecp_select_comb() to always set the Z coordinate to 1.
This comes at the cost of memory for a single coordinate, which seems worth
it for the increased robustness.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-06 04:46:45 +00:00
Hanno Becker
30838868ac Keep temporaries across iterations of ecp_double_add_mxz() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-05 06:09:42 +00:00
Hanno Becker
3b29f2194b Keep temporaries across iterations of ecp_add_mixed() 
This saves heap operations

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 07:34:14 +00:00
Hanno Becker
a7f8edd709 Keep temporaries across iterated invocations of ecp_double_jac() 
This reduces the number of heap operations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 07:29:46 +00:00
Hanno Becker
28ccb1cc90 Reduce number of local MPIs from 9 to 4 in ecp_double_add_mxz() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 07:15:14 +00:00
Hanno Becker
376dc89519 Reorder ops in ecp_double_add_mxz() to indicate redundant local MPIs 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 07:14:07 +00:00
Hanno Becker
0d629791e9 Remove local MPI from ecp_randomize_jac() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 06:45:49 +00:00
Hanno Becker
885ed403c9 Introduce wrapper for modular squaring 
This paves the way for dedicated squaring implementations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 06:43:50 +00:00
Hanno Becker
b8442cd9c6 Remove another local MPI from ecp_normalize_jac_many() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 06:32:42 +00:00
Hanno Becker
02a999b91a Remove local MPI from ecp_normalize_jac_many() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 06:32:42 +00:00
Hanno Becker
838b715fcc Add comment on input/output aliasing in ecp_add_mixed() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 06:32:42 +00:00
Hanno Becker
ce29ae84dd Introduce macro wrappers for ECC modular arithmetic 
This improves readibility and prepares for further changes
like the introduction of a single double-width temporary for
ECP arithmetic.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-04 06:32:39 +00:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
Hanno Becker
76f897d699 Reduce number of temporary MPIs in ECP normalization 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-02 12:47:34 +00:00
Hanno Becker
02b35bd00a Introduce wrapper for modular multiplication with single-width const 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-01 06:54:25 +00:00
Hanno Becker
5c8ea307b8 Reduce number of local MPIs in ECP mixed point addition 
`ecp_add_mixed()` and `ecp_double_jac()` are the core subroutines
for elliptic curve arithmetic, and as such crucial for the performance
of ECP primitives like ECDHE and ECDSA.

This commit provides a very slight simplification and performance and
memory usage improvement to `ecp_add_mixed()` by removing the use of
three temporary MPIs used for coordinate calculations.

Where those variables were used, the code now writes directly to the
coordinate MPIs of the target elliptic curve point.

This is a valid change even if there is aliasing between input and
output, since at the time any of the coordinate MPIs in question is
written, the corresponding coordinates of both inputs are no longer
read.

(The analogous change in `ecp_double_jac()` can not be made since
this property does not hold for `ecp_double_jac()`.)

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-01 06:16:16 +00:00
Max Fillinger
0bb38336a5 Add function to get md info from md context 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2021-12-28 16:32:00 +01:00
Jerry Yu
ffef9c52d4 fix alignment issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-24 22:31:08 +08:00
Hanno Becker
9a83443af2 Remove redundant write operation in Montgomery multiplication 
This commit removes code from the Montgomery multiplication routine
`mpi_montmul()` which seems to serve no purpose.

Details: `mpi_montmul()` uses a temporary storage `T` for intermediate
results which is assumed to be of twice the size as the inputs to be
multiplied, and which is used as follows: After the i-th (i=0,1,...)
iteration, the n-limb word starting at `T->p + i + 1` contains the
Montgomery multiplication of B with the limbs 0,..,i of A, and the
variable `d` points to `T->p + i + 1`. In particular, after `n` iterations,
`T->p + n` holds the full multiplication
(subject to conditional subtraction).

As a consequence of this way of using the temporary `T`, the contents
of `{T->p, ..., T->p + i}` are irrelevant after the i-th iteration. Nonetheless,
the code copies `A[i]` to `T->p[i]` at the end of the i-th iterations, which is
redundant and can be removed.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-12-22 11:23:27 +00:00
Jerry Yu
136320ba0b fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-21 17:09:00 +08:00
Jerry Yu
1ea9d10687 fix test_ref_configs build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-21 14:52:38 +08:00
Glenn Strauss
cee11296aa Reset dhm_P and dhm_G if config call repeated 
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2021-12-20 20:24:56 -05:00
Jerry Yu
1753261083 change write_supported_groups_ext prototype 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 22:32:09 +08:00
Jerry Yu
9d555ac003 Remove TLS12 version write_supported_group_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 22:27:58 +08:00
Jerry Yu
7581c11fc7 Remove tls13_write_supported_groups_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 22:25:41 +08:00
Jerry Yu
ba07342cd6 Add generic write_supported-groups_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 22:22:15 +08:00
Jerry Yu
b47d0f893e Replace SUPPORTED_ELLIPTIC_CURVES with SUPPORTED_GROUPS 
According to RFC7919 and RFC8442 , they are same.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 17:38:50 +08:00
Archana
4a9e02632a
Review comments addressed 
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 13:37:37 +05:30
Archana
c08248d650
Rename the template file from .conf to .jinja 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:35:15 +05:30
Archana
e03960e460
Restructure Python script to use argparse and main 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-19 10:34:59 +05:30
Archana
b32eafff51
Add psa_crypto_driver_wrappers.c to .gitignore 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 13:29:10 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script 
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 13:28:59 +05:30
Archana
a8939b6da3
Restructure scripts' folder alignment 
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 12:57:15 +05:30
Archana
1f1a34a226
Rev 1.0 of Driver Wrappers code gen 
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 12:22:06 +05:30
Archana
68eb2ac960
Deleted psa_crypto_driver_wrappers.c 
The file psa_crypto_driver_wrappers.c is deleted to be autogenerated.
Updated psa_crypto_driver_wrappers.h, this file only contains the
prototypes for the driver wrappers, we don't expect this to be auto
generated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 10:51:52 +05:30
Dave Rodgman
77d778eee2
Merge branch 'development' into mbedtls-3.1.0_merge_into_release 2021-12-17 10:01:53 +00:00
Dave Rodgman
b8c3301b80 Revert "Add generated files" 
This reverts commit 4e62cbc322.
 2021-12-17 09:44:04 +00:00
Gilles Peskine
863b96a21b Add copyright notice to ssl_debug_helpers* 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-16 10:04:58 +01:00
Gilles Peskine
1a1e78fa55 Remove comments indicating that the file was automatically generated 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-15 12:58:22 +01:00
Gilles Peskine
923d5c9e3c Rename ssl_debug_helpers.h 
It's no longer generated, so rename it accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-15 12:56:54 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h 
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-15 12:55:37 +01:00
Gilles Peskine
09f1ee68b6 Commit header file 
Having an automatically generated header file makes it harder to have
working build scripts. The content of ssl_debug_helpers_generated.h isn't
likely to change often, so we can update it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-15 12:55:33 +01:00
Ronald Cron
4e62cbc322 Add generated files 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:53 +01:00
Ronald Cron
17b1e2f6c3 Bump version to 3.1.0 
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:53 +01:00
Ronald Cron
9ed3873905 psa: driver wrapper: cipher: Fix unused variable warning 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-14 18:11:06 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files 
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-14 00:19:47 +01:00
Gilles Peskine
32d2a58cc2
Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 
Zeroize expected MAC/tag intermediate variables
 2021-12-13 19:09:30 +01:00
Gilles Peskine
cd74298c83 mbedtls_cipher_check_tag: jump on error for more robustness to refactoring 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 17:01:25 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix 
Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:36 +01:00
Gilles Peskine
a4174312da Initialize hash_len before using it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 14:38:40 +01:00
Gilles Peskine
14d5fef6b7 PKCS#1v1.5 signature: better cleanup of temporary values 
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:37:55 +01:00
Gilles Peskine
f0fd4c3aee mbedtls_ssl_parse_finished: zeroize expected finished value on error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:36:15 +01:00
Gilles Peskine
c2f7b75a71 mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:35:08 +01:00
Gilles Peskine
60aebec47e PSA hash verification: zeroize expected hash on hash mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:33:18 +01:00
Gilles Peskine
e7835d92c1 mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:32:43 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac 
Check HMAC return values
 2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations 
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 15:00:57 +01:00
Gilles Peskine
d5ba50e239 Zeroize local MAC variables 
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 14:59:45 +01:00
Gilles Peskine
0ca219575a mbedtls_pk_parse_key: don't allocate if not needed 
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 17:36:37 +01:00
Ronald Cron
db6adc5aad ssl: Fix some compilation guards for TLS 1.3 signature algorithms 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 14:25:35 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated 
Add debug helpers generated
 2021-12-10 11:56:55 +00:00
Manuel Pégourié-Gonnard
4525cce691
Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done 
TLS1.3 MVP: Erase secrets when they are not necessary anymore.
 2021-12-10 12:48:25 +01:00
Ronald Cron
6b07916e40
Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client 
Add initial support for "Middlebox Compatibility Mode"
 2021-12-10 11:58:05 +01:00
Jerry Yu
a5563f6115 move position of base_key init 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 18:14:36 +08:00
Jerry Yu
b737f6a9be move base_key init 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 17:55:59 +08:00
Ronald Cron
574ace48d8 Remove unnecessary blank line 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 10:27:25 +01:00
Jerry Yu
9c07473ebc fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 17:12:43 +08:00
Jerry Yu
889b3b76da fix clang build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:57:45 +08:00
Jerry Yu
d05e1cec4b fix build fail on check_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:47:03 +08:00
Jerry Yu
e6369b0061 fix test_cmake_as_package fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:47:03 +08:00
Jerry Yu
eb96fb508e Add cmake generator 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:47:03 +08:00
Jerry Yu
e3b3412bc4 Add tests for enum helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624 add enum value to string helpers 
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:43:30 +08:00
Jerry Yu
4a2fa5d0aa Move erase handshake secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:37:14 +08:00
Jerry Yu
27224f58be fix coding style issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
5132771f5f Revert "fix possible security leak for counter" 
This reverts commit 8aab77e11e2aebec09dc9d682b16373771471fe0.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
7ca3054795 move zerioize tls13_hs_secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
23ab7a46a3 move zeroize master secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
2c70a39d97 move zeroize randbytes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
bdfd01835a fix compile break after merge 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
a986e9faac Clean handshake secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
d103bdb01d Clean randbytes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu
745db226db fix possible security leak for counter 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00