Commit graph

263 commits

Author SHA1 Message Date
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Steven Cooreman 7de9e2db1f Language / verbiage fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine ddf4374879 Fix stack buffer overflow in net functions with large file descriptor
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.

Fix #4169

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Gilles Peskine b15832160b Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine 4337a9cb18 Document mutex usage for RSA
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 1226ecef01 Changelog entry for RSA mutex usage fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 71edf749e1 Changelog entry for DRBG mutex usage fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine d548d964db Clarify where mbedtls_psa_get_random might be useful
Also fix some typos.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine e3ed802138 Expose mbedtls_psa_get_random()
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Manuel Pégourié-Gonnard 495ef98b24
Merge pull request #3976 from devnexen/fbsd_dfly_upd
Implements getrandom's wrapper for handful of BSD.
2021-02-16 09:41:55 +01:00
Steven Cooreman 863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
David Carlier 4971c3fce7 Changelog entry.
Signed-off-by: David Carlier <devnexen@gmail.com>
2021-02-15 13:13:13 +00:00
Steven Cooreman 7976574f82 Allow tweaking PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 13:58:27 +01:00
Gilles Peskine 59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak
Fix memory leak in error case in psa_crypto
2021-02-15 11:38:13 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Paul Elliott d17062e6bf Correct english in changelog.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-12 14:48:16 +00:00
Bence Szépkúti a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Paul Elliott da3e7db495 Fix memory leak in error case in psa_crypto
In psa_generate_derived_key_internal() an error case was returning
directly rather than jumping to the exit label, which meant that an
allocated buffer would not be free'd.

Found via coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-09 19:03:47 +00:00
Ronald Cron 07907ae84e Add change log entry
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:14 +01:00
Gilles Peskine 2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Janos Follath 6a32ad83e3
Merge pull request #4094 from d-otte/development
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
2021-02-02 16:15:07 +00:00
Daniel Otte da43d78017 adjusting Changelog entry for PR #4094
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-02 12:38:26 +01:00
Daniel Otte 21cbe4a494 adding entry file to ChangeLog.d for PR4094
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-01 18:47:22 +01:00
Gilles Peskine c8a9177110 mbedtls_mpi_sub_abs: fix buffer overflow in error case
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Gilles Peskine 53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron 318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm 47278ee8f8
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 14:03:57 +01:00
Steven Cooreman 6226a12acc Documentation update for MBEDTLS_ECP_NO_FALLBACK
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:58:31 +01:00
Steven Cooreman 97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard 75fdd0640f
Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
stroebeljc 03ee3834a0 Updated change description as suggested by @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-05 11:28:30 -06:00
Gilles Peskine 73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
stroebeljc e67ba98581 Fixed verb tense in change log.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:19:29 -06:00
stroebeljc 2b50d78972 Fixed incorrect change log formatting.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:17:35 -06:00
stroebeljc d4de1b5d4e Updated per comments from @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:14:32 -06:00
ENT\stroej1 6a5f10cdc7 Added ChangeLog entry for related issue.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:39:13 -06:00
Fredrik Strupe 462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Bence Szépkúti 0bd9d226bc Add Changelog entry
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-16 15:02:50 +01:00
Janos Follath 7ac5fd1861 Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:46 +00:00
Janos Follath 248900d9b9 Fix Changelog format
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:03 +00:00
Janos Follath debe71988f Add missing ChangeLog entries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:02:45 +00:00
Janos Follath a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00