Gilles Peskine
e30ad46f91
Add type annotations
...
Prepare to move InputsForTest to macro_collector.py.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine
4d59f01bcd
Fix copypasta in documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Ronald Cron
aede2d0c52
Merge pull request #4533 from gilles-peskine-arm/host_test-int32-2.x
...
Backport 2.x: Fix build error in host_test.function when int32_t is not int
2021-05-21 16:02:11 +02:00
Manuel Pégourié-Gonnard
7dea07610c
Merge pull request #4289 from gilles-peskine-arm/openssl-dhparam-robustness-development
...
Backport 2.x: Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
2021-05-21 10:16:18 +02:00
Manuel Pégourié-Gonnard
db97b1e211
Merge pull request #4491 from netfoundry/fix-mingw-build
...
Backport 2.x : Use proper formatting macros when using MinGW provided stdio
2021-05-21 10:03:18 +02:00
Janos Follath
d76f7ba2e1
Merge pull request #4529 from hanno-arm/ssl_session_cache_fix_backport_2x
...
Backport 2.x: Add session ID as an explicit parameter to SSL session cache API
2021-05-21 08:49:11 +01:00
Hanno Becker
c304679c75
Add ChangeLog entry
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-21 05:29:01 +01:00
Gilles Peskine
d135b57e8c
Merge pull request #4412 from gilles-peskine-arm/undefined-reference-2.27
...
Backport 2.x: Fix missing compilation guard around psa_crypto_driver_wrappers.c
2021-05-20 17:20:36 +02:00
Gilles Peskine
a33cb76820
Merge pull request #4493 from netfoundry/gcc11.fixes_2.x
...
Backport 2.x: build with gcc11
2021-05-20 15:54:20 +02:00
Gilles Peskine
05c11e3dd5
Merge pull request #4503 from gilles-peskine-arm/ciphersuite-sha384-guard-2.x
...
Backport 2.x: fix SHA384 guards in TLS
2021-05-19 21:13:08 +02:00
Gilles Peskine
ad0e01248d
Fix missing compilation guard around psa_crypto_driver_wrappers.c
...
Fix #4411 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 21:03:46 +02:00
Gilles Peskine
c54010c3ec
Split SHA-512 and SHA-384 guards for hash availability code
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:15 +02:00
Gilles Peskine
fc9c07ff8f
Fix unused variable with MBEDTLS_SHA512_NO_SHA384
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:13 +02:00
Gilles Peskine
d2d59379ed
Remove dead code under MBEDTLS_SHA512_NO_SHA384
...
TLS code specific to SHA-384 was gated on MBEDTLS_SHA512_C. But SHA-384 also
requires that MBEDTLS_SHA512_NO_SHA384 is not defined. This lead to dead
code in TLS when MBEDTLS_SHA512_C and MBEDTLS_SHA512_NO_SHA384 were both
defined (i.e. when SHA-512 was enabled but not SHA-384).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:10 +02:00
Gilles Peskine
367379d7fc
Fix dependencies on SHA384 cipher suites
...
They depended on MBEDTLS_SHA512_C only. A check for !MBEDTLS_SHA512_NO_SHA384
was missing.
Fix #4499 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:08 +02:00
Gilles Peskine
3d23e28ee1
Fix dependency for TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
...
Fix #4472
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:57:40 +02:00
Ronald Cron
7eee55e85f
Merge pull request #4527 from gilles-peskine-arm/psa-deprecated-macros-20210516
...
[2.x only] Remove some remaining uses of deprecated constants
ok with only one approval thus merging.
2021-05-19 14:44:37 +02:00
Dave Rodgman
f6de5d99f4
Merge pull request #4537 from daverodgman/padlock-docs-fix-2.x
...
2.x backport: Fix docs for mbedtls_padlock_has_support
2021-05-19 12:12:39 +01:00
Gilles Peskine
e14e839e1f
Merge pull request #4525 from gilles-peskine-arm/pr_4357-changelog
...
Backport 2.x: Add changelog entry for #4357
2021-05-19 11:58:08 +02:00
Hanno Becker
83e3671d87
Don't check ciphersuite and compression in SSL session cache lookup
...
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.
This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.
This commit
- adds an explicit ciphersuite and compression consistency check after
the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
Mbed TLS' session cache reference implementation.
Don't use ssl_check_xxx() for functions with void return
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-19 05:09:56 +01:00
Dave Rodgman
6efa722e59
Fix docs for mbedtls_padlock_has_support
...
Fix a slight inaccuracy in the docs for the return value of
mbedtls_padlock_has_support.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-05-18 19:35:24 +01:00
Gilles Peskine
47cd121d18
Fix build error when int32_t is not int
...
Fix a pointer mismatch when int32_t is not int, for example on Cortex-M where
in32_t is long int. Fix #4530
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:43:00 +02:00
Gilles Peskine
8ce4ab18ab
Merge pull request #4460 from gilles-peskine-arm/generate-tests-python3-make-2.x
...
Backport 2.x: Use Python 3 instead of Python 2 to generate test files
2021-05-18 13:30:40 +02:00
Gilles Peskine
f9d0c17eaf
Remove some remaining uses of deprecated constants
...
Deprecated constants should only be used to test them specifically.
Remove a few stragglers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:31:15 +02:00
Gilles Peskine
6e0b043278
Add changelog entry for #4357
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:20:11 +02:00
Gilles Peskine
54650b3892
Merge pull request #4505 from d3zd3z/bp2x-posix-define
...
Backport 2.x: Check if feature macro is defined before define it
2021-05-17 12:09:59 +02:00
Gilles Peskine
bed4e9e214
Merge pull request #4357 from gabor-mezei-arm/3267_Implement_psa_sign_message_and_verify
...
Implement psa_sign_message and psa_verify_message
2021-05-17 10:14:46 +02:00
gabor-mezei-arm
c97b8ab0fd
Update key type name
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-14 10:11:48 +02:00
Shawn Carey
63ee881a9b
avoid -Wmaybe-uninitialized when buiding with gcc11
...
Signed-off-by: Shawn Carey <shawn.carey@netfoundry.io>
2021-05-13 10:26:52 -04:00
Gilles Peskine
bb66dac971
Fix spurious -Wstringop-overflow with GCC 11.1
...
A previous fix in d596ca8a1e
worked with
beta versions of GCC 11, but not with the final 11.1 release.
This time, just disable the warning locally.
Fix #4130
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-13 10:20:39 -04:00
David Brown
be2db1687e
Add changelog for posix definition
...
Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-12 15:00:55 -06:00
Flavio Ceolin
a79c30b8f4
Check if feature macro is defined before define it
...
Zephyr's native posix port define _POSIX_C_SOURCE with a higher value
during the build, so when mbedTLS defines it with a different value
breaks the build.
As Zephyr is already defining a higher value is guaranteed that mbedTLS
required features will be available. So, just define it in case it was
not defined before.
[taken from Zephyr mbedtls module:
76dcd6eeca
]
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-12 15:00:48 -06:00
eugene
3239eff409
fix changelog entry
...
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 14:37:24 -04:00
eugene
98d2fe9f85
add changelog entry
...
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 12:41:13 -04:00
Ronald Cron
456d547973
Merge pull request #4486 from gilles-peskine-arm/tniessen-typos-in-header-files-2.x
...
Backport 2.x: Fix typos in C header files
Enough to have only one reviewer.
2021-05-12 18:22:27 +02:00
Shawn Carey
4e54f25cc6
avoid "maybe-uninitialized" and "free-nonheap-object" errors/warnings with gcc11
...
Signed-off-by: Shawn Carey <shawn.carey@netfoundry.io>
2021-05-12 09:37:00 -04:00
eugene
7f5cd4786a
use proper formatting macros when using MinGW provided stdio
...
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 08:50:36 -04:00
gabor-mezei-arm
f25c9767a9
Enable fallback to software implementation in psa_sign/verify_message driver
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 11:12:25 +02:00
gabor-mezei-arm
c979578a83
Unify variable type and rename to be unambiguous
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 11:03:09 +02:00
gabor-mezei-arm
63c7a66320
Update documentation
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 10:49:27 +02:00
gabor-mezei-arm
41b5ec6fd2
Typo
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 10:48:55 +02:00
Tobias Nießen
02b6fba7f5
Fix typos in C header files
...
Signed-off-by: Tobias Nießen <tniessen@tnie.de>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-12 10:39:58 +02:00
Gilles Peskine
456cde1081
Merge pull request #4479 from stevew817/backport_4247
...
Backport 2.x: Dispatch MAC operations through the driver interface
2021-05-11 20:21:17 +02:00
Steven Cooreman
bbb1952414
Refactor out mac_sign_setup and mac_verify_setup
...
Since they became equivalent after moving the is_sign checking back to
the PSA core, they're now redundant, and the generic mac_setup function
can just be called directly.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
f8ad2123f9
Be explicit about why the zero-length check is there
...
Since a valid mac operation context would guarantee that the stored
mac size is >= 4, it wasn't immediately obvious that the zero-length
check is meant for static analyzers and a bit of robustness.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
be21dab099
Apply mbedtls namespacing to MAC driver test hooks
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
a6474de2ac
Supply actual key bits to PSA_MAC_LENGTH during MAC setup
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
9621f444a7
Correctly mark unused arguments when MAC algorithms are compiled out
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
63fa40e593
Add sanity tests for CMAC-(3)DES through PSA Crypto
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
aaf9944db3
Use the proper define guards in the MAC driver
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00