Commit Graph

432 Commits

Author SHA1 Message Date
Dave Rodgman
af9b4841fb
Merge pull request #4605 from gabor-mezei-arm/3267_sign_verify_key_policies
[Backport 2.x] Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:51:03 +01:00
Dave Rodgman
0a4046e9ca
Merge pull request #4736 from daverodgman/alert_bugfixes_2.x
Backport 2.x: Fix alert raised for invalid fragment length
2021-06-30 09:02:49 +01:00
Dave Rodgman
de8c91bbae Improve Changelog for TLS alert codes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:43:09 +01:00
Nick Child
b6d5693be2 pk.c: Ensure hash_len equals hash in pk_hashlen_helper
The function `pk_hashlen_helper` exists to ensure a valid hash_len is
used in pk_verify and pk_sign functions. This function has been
used to adjust to the corrsponding hash_len if the user passes in 0
for the hash_len argument based on the md algorithm given. If the user
does not pass in 0 as the hash_len, then it is not adjusted. This is
problematic if the user gives a hash_len and hash buffer that is less than the
associated length of the md algorithm. This error would go unchecked
and eventually lead to buffer overread when given to specific pk_sign/verify
functions, since they both ignore the hash_len argument if md_alg is not MBEDTLS_MD_NONE.

This commit, adds a conditional to `pk_hashlen_helper` so that an
error is thrown if the user specifies a hash_length (not 0) and it is
not equal to the expected for the associated message digest algorithm.
This aligns better with the api documentation where it states "If
hash_len is 0, then the length associated with md_alg is used instead,
or an error returned if it is invalid"

Signed-off-by: Nick Child <nick.child@ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2021-06-29 09:31:06 -04:00
gabor-mezei-arm
61739e3fd3
Fix changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:22:34 +02:00
Dave Rodgman
dd5f624f32 Fix TLS alert codes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 09:45:08 +01:00
gabor-mezei-arm
7a163603ea
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
Janos Follath
ef15ce502c Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 14:59:30 +01:00
gabor-mezei-arm
e81a0cf0b9
Fix changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 15:09:40 +02:00
Ronald Cron
132e8c3cab
Merge pull request #4715 from gilles-peskine-arm/psa_crypto_spm-from_platform_h-2.x
Backport 2.x: Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
Straightforward backport from development to developement_2.x plus one trivial commit, only one approval is enough.
2021-06-25 09:00:58 +02:00
gabor-mezei-arm
8f8dc4c188
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
Ronald Cron
eaacabf98d
Merge pull request #4392 from gilles-peskine-arm/psa-storage-format-test-lifetimes
Backport 2.x: PSA storage format: test lifetimes
2021-06-23 15:22:24 +02:00
Gilles Peskine
76dec15d54 Move the inclusion of crypto_spe.h to psa/crypto_platform.h
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Janos Follath
53d1cf8e2b
Merge pull request #4644 from gilles-peskine-arm/mpi_montmul-null-2.x
Backport 2.x: Fix several bugs with the value 0 in bignum
2021-06-23 13:40:05 +01:00
Gilles Peskine
478ac0bcc1
Merge pull request #4704 from mpg/issue-3990-fix_psa_verify_with_alt-2.x
[Backport 2.x] Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:42 +02:00
Ronald Cron
f38646151e Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Janos Follath
0e89dafbab Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:05 +02:00
Gilles Peskine
c513934f8c Changelog entry for the mbedtls_mpi_read_xxx changes
mbedtls_mpi_read_binary{,_le} (in https://github.com/ARMmbed/mbedtls/pull/4276)
and mbedtls_mpi_read_string (in https://github.com/ARMmbed/mbedtls/pull/4644)
changed their behavior on an empty input from constructing an MPI object with
one limb to not allocating a limb. In principle, this change should be
transparent to applications, however it caused a bug in the library and it does
affect the value when writing back out, so list the change in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
70a7dcda3f Fix multiplication producing a negative zero
Fix mbedtls_mpi_mul_mpi() when one of the operands is zero and the
other is negative. The sign of the result must be 1, since some
library functions do not treat {-1, 0, NULL} or {-1, n, {0}} as
representing the value 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
b5e56ec5fd mbedtls_mpi_gcd: fix the case B==0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
37e7736d8e Changelog for the fix to mbedtls_mpi_exp_mod(A=0)
In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for
parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi
object with at least one limb.

In the development branch, after the commit
"New internal function mbedtls_mpi_resize_clear", this bug could be
triggered by a TLS server, by passing invalid custom Diffie-Hellman
parameters with G=0 transmitted as a 0-length byte string.

Since the behavior change in mbedtls_mpi_read_binary and
mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed
empty input) turned out to have consequences despite being in principle an
internal detail, mention it in the changelog.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Manuel Pégourié-Gonnard
6a55de9057
Merge pull request #4623 from gilles-peskine-arm/debug-print-mpi-null-2.x
Backport 2.x: Fix mbedtls_debug_print_mpi crash on 0
2021-06-22 12:08:57 +02:00
Manuel Pégourié-Gonnard
9a11ac9cc1
Merge pull request #4621 from gilles-peskine-arm/default-hashes-curves-2.x
Backport 2.x: Curve and hash selection for X.509 and TLS
2021-06-22 12:08:43 +02:00
Manuel Pégourié-Gonnard
82a5a9dcdd Merge branch 'development_2.x' into development_2.x-restricted
* development_2.x:
  Reword changelog - Test Resource Leak
  Fix fd range for select on Windows
  Refactor file descriptor checks into a common function
  Update changelog formatting - Missing Free Context
  Update changelog formatting Missing Free Context
  Update changelog formatting - Missing Free Context
  Changelog entry for Free Context in test_suite_aes fix
  Free context in at the end of aes_crypt_xts_size()
  Fix copypasta in test data
  Use UNUSED wherever applicable in derive_input tests
  Fix missing state check for tls12_prf output
  Key derivation: add test cases where the secret is missing
  Add bad-workflow key derivation tests
  More explicit names for some bad-workflow key derivation tests
2021-06-22 10:42:04 +02:00
Dave Rodgman
c158213b2e
Merge pull request #4678 from JoeSubbiani/FixedMissingContextFree-test_suite_aes
Backport 2.x: Add missing free context at the end of aes_crypt_xts_size()
2021-06-22 09:24:14 +01:00
Manuel Pégourié-Gonnard
b7a87e3059
Merge pull request #835 from mpg/rsa-lookup-2.x-restricted
[Backport 2.x] Use constant-time look-up in modular exponentiation
2021-06-22 09:33:24 +02:00
Joe Subbiani
7d5fa2be81 Reword changelog - Test Resource Leak
- “Fix an issue where X happens” → ”Fix X“
  the extra words are just a distraction.
- “resource” → “a resource”
- “where resource is never freed” has a name: it's a resource leak
- “when running one particular test suite” → “in a test suite”

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-21 16:57:28 +01:00
Gilles Peskine
51859aaff2 Fix fd range for select on Windows
Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
MBEDTLS_ERR_NET_POLL_FAILED on Windows: they were testing that the file
descriptor is in range for fd_set, but on Windows socket descriptors are not
limited to a small range. Fixes #4465.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-20 23:17:39 +02:00
Joe Subbiani
02945bcab4 Update changelog formatting - Missing Free Context
Missing trailing full stop added to the end of the fixed issue number

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 18:55:57 +01:00
Joe Subbiani
707186d179 Update changelog formatting Missing Free Context
Trailing white space causing check_files.py to fail

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 17:45:34 +01:00
Joe Subbiani
5e1fac8b28 Update changelog formatting - Missing Free Context
The original formatting was in dos and the changelog
assembler would fail. The length of the description was
too long horizontally. This has been updated.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 15:42:42 +01:00
Joe Subbiani
2af8d04085 Changelog entry for Free Context in test_suite_aes fix
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-18 12:06:31 +01:00
Manuel Pégourié-Gonnard
fbf9aff285
Merge pull request #830 from gilles-peskine-arm/ecp_max_bits-check-2.x
Backport 2.x: check MBEDTLS_ECP_MAX_BITS
2021-06-15 11:31:11 +02:00
Gilles Peskine
f216f0d5d4 Fix missing state check for tls12_prf output
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:08:26 +02:00
Gilles Peskine
33c92f01a0 Determine MBEDTLS_ECP_MAX_BITS automatically
MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
curves and no longer needs to be configured explicitly to save RAM. Setting
it explicit in config.h is still supported for backward compatibility.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 21:44:58 +02:00
Gilles Peskine
6dba3200d4 Fail the build if MBEDTLS_ECP_MAX_BITS is not large enough
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 21:43:14 +02:00
Manuel Pégourié-Gonnard
7576f55f19 Add ChangeLog entry about RSA side channel.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-11 10:13:22 +02:00
Manuel Pégourié-Gonnard
c4c0d819ce Merge branch 'development_2.x' into development_2.x-restricted
* development_2.x:
  Disable OS X builds on Travis
  config: Allow Mbed to implement TIMING_C
  Fix misuse of MD API in SSL constant-flow HMAC
2021-06-11 10:09:53 +02:00
Jaeden Amero
128c94dd87 config: Allow Mbed to implement TIMING_C
Mbed OS now provides POSIX-like time functions, although not alarm() nor
signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so
we should not artificially prevent this in check-config. Remove the the
check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS.

Note that this limitation originally was added in the following commit,
although there isn't much context around why the restriction was
imposed: 63e7ebaaa1 ("Add material for generating yotta module"). In
2015, Mbed OS was quite a different thing: no RTOS, no threads, just an
asynchronous event loop model. I'd suppose the asynchronous event loop
model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS,
but that is no longer the case.

Fixes #4633

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-06-09 14:09:11 +01:00
Gilles Peskine
2ee0bb333c Simplify mbedtls_debug_print_mpi and fix the case of empty bignums
Rewrite mbedtls_debug_print_mpi to be simpler and smaller. Leverage
mbedtls_mpi_bitlen() instead of manually looking for the leading
zeros.

Fix #4608: the old code made an invalid memory dereference when
X->n==0 (freshly initialized bignum with the value 0).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-07 21:41:59 +02:00
Gilles Peskine
b3ca90bc44 Reduce the default ECP window size
MBEDTLS_ECP_WINDOW_SIZE is a compromise between memory usage (growing based
on the value) and performance (faster with larger values). There are
disminishing returns as the value grows larger. Based on Manuel's benchmarks
recorded in https://github.com/ARMmbed/mbedtls/issues/4127, 4 is a good
compromise point, with larger values bringing little advantage. So reduce
the default from 6 to 4.

Document the default value as in optimized for performance mostly, but don't
document the specific value, so we may change it later or make it
platform-dependent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-07 21:27:51 +02:00
Gilles Peskine
7a4c7589c8
Merge pull request #4541 from mpg/fix-ssl-cf-hmac-alt-2.x
[Backport 2.x] Fix misuse of MD API in SSL constant-flow HMAC
2021-06-07 20:53:48 +02:00
Gilles Peskine
74f66bb5c3 Fix non-constant-time comparison in mbedtls_mpi_random
Calling mbedtls_mpi_cmp_int reveals the number of leading zero limbs
to an adversary who is capable of very fine-grained timing
measurements. This is very little information, but could be practical
with secp521r1 (1/512 chance of the leading limb being 0) if the
adversary can measure the precise timing of a large number of
signature operations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-04 14:50:23 +02:00
Manuel Pégourié-Gonnard
62da8ac37a
Merge pull request #4276 from gilles-peskine-arm/random-range-uniformity
Backport 2.x: Fix non-uniform random generation in a range
2021-06-04 10:43:25 +02:00
Gilles Peskine
be4b5dd8c1 Add changelog entry for non-uniform MPI random generation
Fix #4245.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-02 21:39:30 +02:00
Gilles Peskine
cba4b35fcb Changelog entry for adding mbedtls_mpi_random()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-02 21:31:24 +02:00
Gilles Peskine
251c774b91 Refuse to destroy read-only keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-28 12:53:15 +02:00
Gilles Peskine
ac9851f8d3 Forbid creating a read-only key
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 21:10:09 +02:00
Ronald Cron
9df7209bf6
Merge pull request #4546 from Patater/psa-without-genprime-fix-2.x
[Backport 2.x] psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:14 +02:00
Gilles Peskine
6a73f5592b Changelog entry for the ARIA_ALT and CAMELLIA_ALT fixes
Fix ARMmbed/mbed-os#14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 18:45:04 +02:00
Ronald Cron
aede2d0c52
Merge pull request #4533 from gilles-peskine-arm/host_test-int32-2.x
Backport 2.x: Fix build error in host_test.function when int32_t is not int
2021-05-21 16:02:11 +02:00
Jaeden Amero
c17f29309f psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-21 10:21:27 +01:00
Manuel Pégourié-Gonnard
db97b1e211
Merge pull request #4491 from netfoundry/fix-mingw-build
Backport 2.x : Use proper formatting macros when using MinGW provided stdio
2021-05-21 10:03:18 +02:00
Janos Follath
d76f7ba2e1
Merge pull request #4529 from hanno-arm/ssl_session_cache_fix_backport_2x
Backport 2.x: Add session ID as an explicit parameter to SSL session cache API
2021-05-21 08:49:11 +01:00
Hanno Becker
c304679c75 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-21 05:29:01 +01:00
Gilles Peskine
d135b57e8c
Merge pull request #4412 from gilles-peskine-arm/undefined-reference-2.27
Backport 2.x: Fix missing compilation guard around psa_crypto_driver_wrappers.c
2021-05-20 17:20:36 +02:00
Gilles Peskine
05c11e3dd5
Merge pull request #4503 from gilles-peskine-arm/ciphersuite-sha384-guard-2.x
Backport 2.x: fix SHA384 guards in TLS
2021-05-19 21:13:08 +02:00
Gilles Peskine
ad0e01248d Fix missing compilation guard around psa_crypto_driver_wrappers.c
Fix #4411.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 21:03:46 +02:00
Gilles Peskine
367379d7fc Fix dependencies on SHA384 cipher suites
They depended on MBEDTLS_SHA512_C only. A check for !MBEDTLS_SHA512_NO_SHA384
was missing.

Fix #4499.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:08 +02:00
Gilles Peskine
3d23e28ee1 Fix dependency for TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
Fix #4472

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:57:40 +02:00
Gilles Peskine
e14e839e1f
Merge pull request #4525 from gilles-peskine-arm/pr_4357-changelog
Backport 2.x: Add changelog entry for #4357
2021-05-19 11:58:08 +02:00
Manuel Pégourié-Gonnard
21bfbdd703 Fix misuse of MD API in SSL constant-flow HMAC
The sequence of calls starts-update-starts-update-finish is not a
guaranteed valid way to abort an operation and start a new one. Our
software implementation just happens to support it, but alt
implementations may very well not support it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-19 10:40:02 +02:00
Gilles Peskine
47cd121d18 Fix build error when int32_t is not int
Fix a pointer mismatch when int32_t is not int, for example on Cortex-M where
in32_t is long int. Fix #4530

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:43:00 +02:00
Gilles Peskine
8ce4ab18ab
Merge pull request #4460 from gilles-peskine-arm/generate-tests-python3-make-2.x
Backport 2.x: Use Python 3 instead of Python 2 to generate test files
2021-05-18 13:30:40 +02:00
Gilles Peskine
6e0b043278 Add changelog entry for #4357
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:20:11 +02:00
David Brown
be2db1687e Add changelog for posix definition
Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-12 15:00:55 -06:00
eugene
3239eff409 fix changelog entry
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 14:37:24 -04:00
eugene
98d2fe9f85 add changelog entry
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 12:41:13 -04:00
Manuel Pégourié-Gonnard
85bb47596c
Merge pull request #4456 from gilles-peskine-arm/remove-config-psa-crypto-2.x
Backport 2.x: Remove config-psa-crypto.h
2021-05-10 11:52:34 +02:00
Gilles Peskine
e0de27729e Changelog entry for no longer explicitly invoking python2
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-06 11:35:18 +02:00
Gilles Peskine
947360e428 Changelog entry for the removal of config-psa-crypto.h in 2.x
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-05 18:01:04 +02:00
Gilles Peskine
0d27366520
Merge pull request #4448 from stevew817/backport_allow_cmac_alt_without_3des
[Backport 2.x] Allow CMAC_ALT implementations to not support 3DES
2021-04-30 12:45:25 +02:00
Gilles Peskine
222921830a
Merge pull request #4438 from gilles-peskine-arm/aes2crypt-removal-2.x
Backport 2.x: Remove the sample program aescrypt2
2021-04-30 11:15:25 +02:00
Steven Cooreman
91e2bab7fb Add documentation for change in CMAC self-test behaviour
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-30 10:09:52 +02:00
Gilles Peskine
4ad0967125
Merge pull request #4430 from gilles-peskine-arm/dhm_min_bitlen-bits
Backport 2.x: Enforce dhm_min_bitlen exactly
2021-04-29 14:55:36 +02:00
Gilles Peskine
e0427c777f
Merge pull request #4434 from chris-jones-arm/development
Backport 2.x: Add macro to check error code additions/combinations
2021-04-28 16:47:26 +02:00
Gilles Peskine
98b3cd6b23 Remove the sample program aescrypt2
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.

Fix #1906

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-28 15:57:30 +02:00
Ronald Cron
931d91e307
Merge pull request #4243 from bensze01/psa_vararg
PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 08:36:06 +02:00
Dave Rodgman
46266670e9 Improve changelog entry for #4217
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-27 17:08:26 +01:00
Steven Cooreman
7f7f6b8ba9 Add changelog entry for #4217
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-27 17:08:26 +01:00
Gilles Peskine
065a1c8e3d Allow configuring MBEDTLS_TLS_EXT_CID at compile time
The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-27 11:34:37 +02:00
Bence Szépkúti
58d8518eb1 Update changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-27 04:41:43 +02:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS

Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
2021-04-23 09:40:31 +02:00
Manuel Pégourié-Gonnard
0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix
Fix ECDSA failing when the hash is all-bits-zero
2021-04-19 09:54:12 +02:00
Bence Szépkúti
8072db2fcb Add changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Steven Cooreman
5be864f645 Add changelog for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Manuel Pégourié-Gonnard
247745ffc4 Revert "Changelog added"
This reverts commit 0961e3db49.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:27:04 +02:00
Chris Jones
fdb588b3a7 Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der
An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.

Apply the same fix from ae3741e8a to fix the bug.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-15 11:19:56 +01:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
TRodziewicz
0961e3db49 Changelog added
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 17:19:43 +02:00
Gilles Peskine
8f28c24b4a Explain the problem in more concrete terms
Don't try to make the reader guess what a “negative zero” might mean.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 20:20:26 +02:00
Gilles Peskine
fd4fab0b24 mbedtls_mpi_read_string("-0") no longer produces a "negative zero"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 17:13:15 +02:00
TRodziewicz
40de3c99c0 Fix Changelog, add separate test functions for hash of all-zero bits
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:16:18 +02:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
TRodziewicz
5feb6702dd Fix the Changelog and extend tests to cover the hash of all-bits zero
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-06 19:56:42 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Ronald Cron
602f986511 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:55:04 +02:00
Gilles Peskine
e8a2fc8461 Enforce dhm_min_bitlen exactly, not just the byte size
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:20:03 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Maulik Patel
f41be14269 Add Change log entry for bug fix.
Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-04-01 10:01:32 +01:00