Commit graph

12853 commits

Author SHA1 Message Date
Jerry Yu
4caf3ca08c tls13: srv: Add discard_early_data_record SSL field
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Valerio Setti
5a19892528 pkparse: fix check for ASN1 errors in mbedtls_pk_parse_subpubkey()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 16:44:18 +01:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Valerio Setti
5922cb9309 pkparse: keep legacy PK error codes when RSA key parsing fails
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 09:21:25 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e820975244 Fix comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:00:33 +01:00
Gilles Peskine
0aad5f8f34 Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97 Don't use mbedtls_pk_ec in our own code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6 tls13: early data: Improve, add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Valerio Setti
5fe9f6699b rsa_internal: update documentation for parse/write functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:35:56 +01:00
Valerio Setti
201e643509 rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:19:37 +01:00
Valerio Setti
135ebde273 rsa: rename parse/write functions in order to follow the standard format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:00:29 +01:00
Valerio Setti
44ff9506dd rsa: set parse/write functions out of !RSA_ALT guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:58:36 +01:00
Ronald Cron
ed7d4bfda5 tls13: srv: Simplify mbedtls_ssl_read_early_data() API
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7b6ee9482e tls13: srv: Reject early data in case of HRR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd tls13: srv: Add mbedtls_ssl_read_early_data() API
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45 tls13: srv: Move early data size check placeholder
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
739a1d4246 tls: Add internal function ssl_read_application_data()
The function will be used by
mbedtls_ssl_read_early_data() as well.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
52ed54b949 psa_crypto_rsa: remove unnecessary casting
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:29:01 +01:00
Valerio Setti
2d73baf171 psa_util: convert_der_to_raw_single_int: ensure the input DER integers have valid length
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:25:17 +01:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
cb88c4945a
Merge pull request #8754 from Redfoxymoon/development
fix build for midipix
2024-02-01 10:01:49 +00:00
Valerio Setti
3122f4da50 psa_util: invert check order for leading zeros in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-31 11:16:46 +01:00
Ryan Everett
3af9bc18f3 Wrap get_and_lock_key_slot_in_memory calls in mutex
It is useful to do this for the call in get_and_lock_key_slot.
Documenting that get_and_lock_key_slot_in_memory requires the mutex
is not part of this PR

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-30 17:21:57 +00:00
Dave Rodgman
dae21d3808 Support SHA-512 hwcap detection on old libc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:31:42 +00:00
Valerio Setti
779a1a5b20 aria: remove leftover in comments
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:09 +01:00
Valerio Setti
78da7468ca psa_util: minor improvements to convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:08:40 +01:00
Ørjan Malde
2a6cb5c881 fix build for midipix
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-30 14:50:23 +01:00
Ryan Everett
763971f32e Comment on locking strategy in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 17:17:12 +00:00
Ryan Everett
c053d968f2 Make psa_destroy_key threadsafe
We do not require linearizability in the case of destroying a key in use.
Using a key and destroying it simultaneously will not cause any issues
as the user will only use the copy of the key in the slot.
Two simulatenous deletion calls to one key cannot interfere, the first caller
sets the slot's state to PENDING_DELETION, the second caller will back off.
Remove outdated comment about one key being in multiple slots, psa_open_key
does not put the key into a new slot.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 17:06:34 +00:00
Valerio Setti
122c94fd26 psa_util: remove raw_len param from convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 18:02:03 +01:00
Valerio Setti
9b9b5a52d9 psa_util: some code improvement to convert_der_to_raw_single_int()
This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:25:19 +01:00
Ryan Everett
16abd59a62 Update psa_wipe_all_key_slots and document non-thread safety
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00
Ryan Everett
b0821959ae Make psa_purge_key thread safe
Relies on get_and_lock_X being thread safe.
There are two mutex locks here, one in psa_get_and_lock...
Linearization point is the final unlock (or first lock on failure).

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00
Ryan Everett
f23336e040 Make psa_close_key thread safe
There are two mutex locks here, the one performed in get_and_lock.. and the one performed outside.
Linearizes at the final unlock.
(This function is deprecated)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:13:15 +00:00
Valerio Setti
4e048f1749 bignum: removing usage of MPI_VALIDATE_RET()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:21 +01:00
Valerio Setti
ea3a6114e6 aria: replace ARIA_VALIDATE_RET() with a simple "if" block
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:21 +01:00
Valerio Setti
a45a399a6b lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
Symbols defined starting from MBEDTLS_INTERNAL_VALIDATE[_RET]
are removed as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:15 +01:00
Valerio Setti
2bec5df945 psa_crypto_ffdh: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:09 +01:00
Paul Elliott
47c74a4773
Merge pull request #8741 from Ryan-Everett-arm/add-locking-macros
Add macros for locking/unlocking the key slot mutex
2024-01-26 13:53:38 +00:00
Valerio Setti
1a54352f5a psa_crypto_ffdh: move dhm.h inclusion to c file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 09:35:18 +01:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Gilles Peskine
43643c4714 Remove now-redundant guard
fixup "mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-25 13:21:59 +01:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00
Gilles Peskine
9cd2e9ad1b mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C
Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:10:50 +01:00
Paul Elliott
7fd162ec26 Refactor common PThreads CMake code
Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-24 18:05:53 +00:00
Valerio Setti
6def24ce73 test_suite_[pkparse/rsa]: move RSA private key parsing tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:42:32 +01:00
Valerio Setti
688f795cb3 asn1: use the new symbol to guard dependencies of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
f4d2dc2d77 psa_util: guard ECDSA conversion functions with proper (internal) symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
a7b83a04ee psa_util: add variable casting in convert_raw_to_der_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
86bae52c55 psa_util: skip leading zeros in der format with "if" instead of "while"
This is possible because we know that DER format can have at most
1 leading zero.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
c22e3ce8ef psa_util: remove CRYPTO_C guard from ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:31 +01:00
Valerio Setti
5713c8a5ac psa_util: minor code improvements
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
84890c9be2 psa_util: improve description for ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
bd5b9c61fe pk_wrap: use PSA util functions for ECDSA conversion instead of PK ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
75501f5ede psa_util: add raw<->DER ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Ryan Everett
3877d4858b Refactor macros
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-24 13:26:26 +00:00
Valerio Setti
a5f36fcaae rsa: write documentation of new functions for parse/writing RSA priv/pub keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
18dd00052e pk_wrap: use RSA module functions to write priv/pub key in RSA wrappers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
dccfd3612d rsa: update return values of priv/pub parse/write functions
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:34 +01:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Ryan Everett
cb05ce30e9 Minor fixes to locking macros
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 19:25:10 +00:00
Gilles Peskine
55effd9456 Fix the build with MBEDTLS_RSA_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
c09df2f24c Unify want_private detection
This commit makes the code arguably slightly simpler and fixes the build
with clang -Wimplicit-fallthrough. No intended semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
f3dbc98d96 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
7354f1e178 Allow building with MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_ECP_C
This isn't officially supported, but it's convenient to build the library
this way for quick testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
758d8c7631 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
ace7c7721e mbedtls_pk_get_psa_attributes: ECC support
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().

This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
6ea18361df mbedtls_pk_get_psa_attributes: RSA support
Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
1f97e73114 mbedtls_pk_get_psa_attributes: force enrollment algorithm off
This avoids a possible gotcha when if the application code reuses an
existing attribute structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
0b17255da1 Introduce mbedtls_pk_get_psa_attributes
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Ryan Everett
90afb132e0 Add ..._GOTO_EXIT macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:34:55 +00:00
Ryan Everett
d6d6a76e46 Add ..._GOTO_RETURN macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:32:42 +00:00
Valerio Setti
7b7ffd3bb9 psa_crypt_rsa: remove dependency from the PK module
Use new functions from the RSA module to parse and write
private and public keys in PKCS#1 format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 16:14:18 +01:00
Valerio Setti
b328c44932 pk/rsa: move RSA parse/write private/public key functions to rsa module
These functions are meant to be used internally, so their prototype
declaration is kept into rsa_internal.h.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 15:18:57 +01:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t)
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-23 21:38:06 +08:00
Janos Follath
aa3fa98bc4
Merge pull request #8726 from v1gnesh/patch-1
Update entropy_poll.c to allow build in z/OS
2024-01-23 12:43:18 +00:00
Dave Rodgman
c64280a2d7 Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 10:05:08 +00:00
Dave Rodgman
00b530e395 Limit compiler hint to compilers that are known to benefit from it
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 09:41:34 +00:00
Valerio Setti
429cd50ac8 pkwrite: split pk_write_rsa_der() with a dedicated function for non-opaque RSA key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 09:10:22 +01:00
Valerio Setti
fd49a46a36 pkparse: rename RSA key and pubkey parsing functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 08:35:11 +01:00
Dave Rodgman
e23d6479cc Bump version
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Janos Follath
b4b8f3df3b RSA: improve readability
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
47ee770812 RSA: remove unneeded temporaries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
e6750b2a0b RSA: document Montgomery trick in unblind
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a62a554071 Fix style
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
100dcddfca Make local function static
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
6bcbc925bf Extend blinding to RSA result check
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
d6b096532c Make RSA unblinding constant flow
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Jonathan Winzig
a0c9448bea Update fix to be more platform-independent
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
63b5e216f8 Fix Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Chien Wong
858bc65d74
Add comment on impossible overflows
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-22 20:47:26 +08:00
Chien Wong
bf4b5ed7a4
Add back restriction on AD length of GCM
Fixes: bd513bb53d
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-22 20:43:54 +08:00
v1gnesh
3c129dd6aa
Update entropy_poll.c
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
2024-01-22 15:59:49 +05:30
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461
psa_asymmetric_encrypt() doesn't work with opaque driver
2024-01-22 08:43:08 +00:00
Ronald Cron
297c608915 tls13: cli: Fix setting of early data transform
Fix setting of early data transform when we
do not send dummy CCS for middlebox compatibility.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00