yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
23791 commits 89 branches 205 tags 114 MiB
Commit graph

10531 commits

Author SHA1 Message Date
Mihir Raj Singh fdc314b6fe bignum_mod: Renamed m -> N in mbedtls_mpi_mod_read() 
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
 2023-01-16 23:06:16 +05:30
Mihir Raj Singh 928a07ba49 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_modulus_free 
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
 2023-01-16 23:04:37 +05:30
Mihir Raj Singh f438ad1ab9 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_modulus_setup() 
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
 2023-01-16 23:03:06 +05:30
Mihir Raj Singh b6fa940fc4 bignum_mod: Renamed m -> N in mbedtls_mpi_mod_modulus_init() 
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
 2023-01-16 23:02:04 +05:30
Mihir Raj Singh b13a58938a bignum_mod: Renamed m -> N in mbedtls_mpi_mod_residue_setup() 
Signed-off-by: Mihir Raj Singh <mihirrajsingh123@gmail.com>
 2023-01-16 23:01:25 +05:30
Pengyu Lv 9b84ea75de remove ssl_tls13_has_compat_ticket_flags 
This content of the function is moved to
ssl_tls13_has_configured_ticket.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 14:08:23 +08:00
Pengyu Lv e2f1dbf5ae update docs of ssl_client2 and improve code format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 12:38:12 +08:00
Pengyu Lv 4938a566bf refine ticket_flags printing helper 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 11:28:49 +08:00
Pengyu Lv acecf9c95b make ticket_flags param types consistent 
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 11:23:24 +08:00
Pengyu Lv 3643fdbab9 refine the state setting in tls13_handshake_wrapup 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:02 +08:00
Pengyu Lv ee455c01ce move ticket_flags debug helpers 
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:01 +08:00
Pengyu Lv 189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error 
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:00 +08:00
Pengyu Lv 80270b2151 rename ticket_flags helper functions to generic ones 
Ticket flags is quite generic and may make sense in the
future versions of TLS or even in TLS 1.2 with new
extensions. This change remane the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:59 +08:00
Pengyu Lv a1aa31b8b1 fix review comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:58 +08:00
Pengyu Lv 1735ba30ea fix review comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:57 +08:00
Pengyu Lv 9eacb44a5e improve code format and readability 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:57 +08:00
Pengyu Lv 9356678047 filter the tickets with tls13_kex_mode on client side. 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:56 +08:00
Pengyu Lv e6487fe3c2 guard tls13_kex_modes related function calls with macro 
Handshake parameter field, tls13_kex_mode is only valid when
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set.
So, any functions / calls should be guarded by this macros.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:55 +08:00
Pengyu Lv 3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket 
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:55 +08:00
Pengyu Lv c7af2c4f8c tls13: send new session ticket only when client supports psk 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:54 +08:00
Pengyu Lv c55eeb682d tls13: check if the session ticket is compatible with key exchange modes 
The server check if the ticket_flags is compatible with the advertised
key exchange modes in Pre-Shared Key Exchange Modes extension. The
incompatible ticket should be mark as not matched.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:53 +08:00
Pengyu Lv 9f92695c8d tls13: set key exchange mode in ticket_flags on client/server 
Set the ticket_flags when:
  - server: preparing NST (new session ticket) message
  - client: postprocessing NST message

Clear the ticket_flags when:
  - server: preparing NST message
  - client: parsing NST message

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:53 +08:00
Pengyu Lv b7d50acb37 tls13: add helpers to manipulate ticket_flags 
Add helper functions to get/set/clear ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:52 +08:00
Pengyu Lv 5b8dcd2097 Add debug helper to print ticket_flags status 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:52 +08:00
Valerio Setti 856cec45eb test: x509: add more tests for checking certificate serial 
- added 2 new certificates: 1 for testing a serial which is full lenght
  and another one for a serial which starts with 0x80

- added also proper Makefile and openssl configuration file to generate
  these 2 new certificates

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00
Valerio Setti 4752aac11d x509: enhancement and fixes 
- enhance mbedtls_x509write_crt_set_serial(): avoid use of useless
  temporary buffer

- fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the
  beginning of serial if the MSb of serial is 1, as required from
  ASN.1

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti 746def5ade x509: renaming of buffer variables in new serial setting function 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti 5d164c4e23 fix: add missing deprecation guards 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti da0afcc2fb x509: remove direct dependency from BIGNUM_C 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Yanray Wang ef5ec8f5ba Rename static functions in ssl_tls13_keys.c 
As some static functions are only used inside ssl_tls13_keys.c,
the prefix mbedtls_ should be removed. Furthermore, code format is
also maintained to fix code style.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-01-12 15:11:03 +08:00
Yanray Wang 0540211078 Enhancement: change some functions to static in ssl_tls13_keys.c 
Since some functions are only used in ssl_tls13_keys.c not by any
other modules, those functions are changed to static.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-01-12 14:54:26 +08:00
Yanray Wang 16c895dff3 TLS1.3: zeroize tls13_early_secrets after its lifetime 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-01-12 14:27:06 +08:00
Yanray Wang bae9e74d39 Enhancement: change tls13_early_secrets to local variable 
Since tls13_early_secrets is only temperately used in the function,
there is no need to keep it in the handshake context.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-01-12 14:27:06 +08:00
Gilles Peskine 449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Gilles Peskine 03e99cf14d Remove redundant error code definitions 
We're including psa/crypto_values.h, which defines the necessary error
codes. Remove redundant definitions, which hurt because they need to be
styled in exactly the same way (same presence/absence of spaces between
tokens).

This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 11:15:18 +01:00
Ronald Cron 83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail 
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
 2023-01-11 09:05:36 +01:00
Gilles Peskine 0770efe4e1
Merge pull request #6888 from daverodgman/iar-bignum-warning 
Fix IAR warning
 2023-01-10 22:08:37 +01:00
Manuel Pégourié-Gonnard 28d4d43416
Merge pull request #6863 from valeriosetti/issue6830 
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
 2023-01-10 10:01:17 +01:00
Jerry Yu 3e60cada5d Improve comment and changlog 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-10 14:58:08 +08:00
Valerio Setti a0b97bc803 fix wrong type in debug message 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-09 19:10:32 +01:00
Valerio Setti 1e868ccbac fix several typos and extra blank spaces 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-09 17:59:46 +01:00
Valerio Setti 2b5d3ded1f remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-09 11:04:52 +01:00
Jerry Yu bdb936b7a5 Workaround anti replay fail of GnuTLS 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-07 20:19:55 +08:00
Glenn Strauss 14db51224e Fix IAR warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-06 14:20:14 +00:00
Gilles Peskine cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype 
TLS 1.3: Upstream misc fix from prototype
 2023-01-05 14:35:54 +01:00
David Horstmann bec95320ba Don't restyle end of file 
Move the *INDENT-ON* annotation to the end of the file so that
uncrustify does not restyle the later sections (since it introduces a
risk of future problems).

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-05 09:50:47 +00:00
David Horstmann cb3b6ae580 Disable code style correction for bignum assembly 
The inline assembly defined in bn_mul.h confuses code style parsing,
causing code style correction to fail. Disable code style correction for
the whole section gated by "#if defined(MBEDTLS_HAVE_ASM)" to prevent
this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-04 17:50:08 +00:00
Valerio Setti 67419f0e11 tls: fix + save code size when DEBUG_C is not enabled 
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-04 17:36:00 +01:00
Valerio Setti 40d9ca907b tls: remove useless legacy function 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-04 16:08:04 +01:00
Valerio Setti 18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-03 13:03:34 +01:00
David Horstmann e3d8f31ba1 Workaround Uncrustify parsing of "asm" 
The following code:

 #ifndef asm
 #define asm __asm
 #endif

causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.

Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard 7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702 
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
 2023-01-03 09:36:58 +01:00
Janos Follath b4b0bb737d
Merge pull request #5907 from mpg/use-psa-rsa-pss 
Use PSA more often in `pk_verify_ext()`
 2022-12-30 12:33:50 +00:00
Gilles Peskine b402e4bde1
Merge pull request #6595 from mfischer/lms_heap 
lms: Move merkle tree generation to heap allocation
 2022-12-23 18:29:04 +01:00
Valerio Setti 326cf46764 test: improved readability in sha self tests 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-23 14:57:18 +01:00
Manuel Pégourié-Gonnard 676766ff77
Merge pull request #6776 from gabor-mezei-arm/6222_bignum_mod_mul 
Bignum: Implement fixed width modular multiplication
 2022-12-23 10:39:30 +01:00
Manuel Pégourié-Gonnard 2fcb4c1d06
Merge pull request #6747 from gilles-peskine-arm/bignum-mod-random 
Bignum mod random
 2022-12-23 10:36:22 +01:00
Valerio Setti 543d00ef6f sha: remove SHA1 from ssl_cookie 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 14:27:34 +01:00
Manuel Pégourié-Gonnard 2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y 
mbedtls_ecp_point_read_binary from compressed fmt
 2022-12-22 10:20:31 +01:00
Manuel Pégourié-Gonnard 4dacf58d6d Take advantage of now-public macro in pk.c 
Used to be private, hence the duplication, but that's been fixed in the
meantime, I guess we just missed this occurrence.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-21 09:50:17 +01:00
Manuel Pégourié-Gonnard 6958355a51 Use PSA Crypto more often in pk_verify_ext() 
See https://github.com/Mbed-TLS/mbedtls/issues/5277 - strategy 1.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-21 09:49:57 +01:00
Gilles Peskine e1d8326e90 Fix representation of mod-random output 
mbedtls_mpi_mod_raw_random() and mbedtls_mpi_mod_random() were producing
output in the Montgomery representation, instead of obeying the
representation chosen in the modulus structure. Fix this.

Duplicate the test cases for mod-random output to have separate test cases
for each representation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-20 20:28:02 +01:00
Gilles Peskine e655479528 Generalize representation handling in mbedtls_mpi_mod_read 
Call mbedtls_mpi_mod_raw_canonical_to_modulus_rep instead of assuming that
anything that isn't MBEDTLS_MPI_MOD_REP_MONTGOMERY is canonical.

mbedtls_mpi_mod_write should get the same treatment, but I'm holding off
until https://github.com/Mbed-TLS/mbedtls/issues/6679 is done.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-20 19:55:51 +01:00
Gilles Peskine eb2e77f617 Document modulus representation selectors 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-20 19:55:51 +01:00
Gilles Peskine 1e2a4d4089 Functions to convert raw residues to/from the modulus representation 
Test cases will be generated automatically by a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-20 19:55:51 +01:00
Gabor Mezei 496cd37bac
Use equality checking for NULL value 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-20 17:30:20 +01:00
Gabor Mezei 2840884c35
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-20 17:30:19 +01:00
Gabor Mezei 6a31b7252d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-20 17:30:19 +01:00
Gabor Mezei 9db81e9cca
Add mod_mul function 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-20 17:30:13 +01:00
Glenn Strauss efde9d58de remove duplicated consecutive preproc directives 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-12-20 04:20:12 -05:00
Manuel Pégourié-Gonnard 8b6d14be8b Extract common code for computing X^3 + AX + B 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-20 04:17:03 -05:00
Glenn Strauss 452416121d move mbedtls_ecp_sw_derive_y after MPI_ECP_ macros 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-12-19 21:25:27 -05:00
Glenn Strauss fcabc28cfc use MPI_ECP_* macros in mbedtls_ecp_sw_derive_y() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-12-19 21:24:50 -05:00
Gilles Peskine e162b4725c
Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv 
Bignum: Implement high level fixed width modular inversion
 2022-12-17 13:26:02 +01:00
Gilles Peskine cf86d70162
Merge pull request #6742 from gabor-mezei-arm/6022_bignum_mod_raw_mul 
Bignum: Implement fixed width raw modular multiplication
 2022-12-17 13:25:43 +01:00
Tom Cosgrove f723754f6d Fix typos 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-16 16:10:36 +00:00
Glenn Strauss cbfd5e9db7 comment 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-12-16 11:03:41 -05:00
Glenn Strauss 369bfb94c5 comments and whitespace 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-12-16 10:49:04 -05:00
Gabor Mezei 210ea63d8b
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-16 16:35:24 +01:00
Valerio Setti e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-16 14:43:48 +01:00
Tom Cosgrove 342d00bc22 Oops, use mbedtls_free() not plain free() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-16 11:02:06 +00:00
Gilles Peskine b1eea02f74 Implement and test mbedtls_mpi_mod_random 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-16 10:13:29 +01:00
Gilles Peskine a57cf9813a Implement and test mbedtls_mpi_mod_raw_random 
In the basic/XXX=core test cases, use odd upper bounds, because the mod
version of random() only supports odd upper bounds (the upper bound is a
modulus and the mod modules only support odd moduli).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-16 10:13:29 +01:00
Manuel Pégourié-Gonnard 057b458583
Merge pull request #6766 from wernerlewis/bignum_mod_docs 
Bignum: document conventions for bignum mod and mod_raw
 2022-12-16 09:58:36 +01:00
Manuel Pégourié-Gonnard 5bf8629b2c
Merge pull request #6303 from gilles-peskine-arm/bignum-core-random 
Bignum: Implement mbedtls_mpi_core_random
 2022-12-16 09:58:07 +01:00
Gilles Peskine d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa 
Document ECP_RESTARTABLE and make it compatible with USE_PSA
 2022-12-15 19:47:44 +01:00
Werner Lewis 6bb49ba121 Document const parameter conventions 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 17:04:43 +00:00
Tom Cosgrove b38c2ed3d9 Fix double space between words 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove d692ba4248 Note that (as usual) for mbedtls_mpi_mod_inv() residues must be associated with the modulus 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove a9e0f95903 Split mbedtls_mpi_mod_inv() into separate functions for mont/non-mont form 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove 4302d02fa8 Add mbedtls_mpi_mod_inv() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove 786848b5c5 Add low-level Montgomery conversion functions to bignum_core 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove 28ff92cc3a Add an explicit mbedtls_mpi_core_montmul_working_limbs() function 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove 30f3b4d601 Add mbedtls_mpi_core_check_zero_ct() and tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Tom Cosgrove e9ffb6c8e9 Fix mbedtls_platform_zeroize() call in mbedtls_mpi_mod_modulus_free() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-15 16:56:36 +00:00
Werner Lewis 756a34aadc Use lower case for p and r 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 14:53:43 +00:00
Werner Lewis 0f644f48e9 Add output initialization requirement 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 14:13:32 +00:00
Gilles Peskine 6b7ce968d2 Clarify some comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-15 15:04:33 +01:00
Gabor Mezei 95b754dfac
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-15 15:04:20 +01:00
Gabor Mezei 979d34ca7d
Add mod_raw_mul function 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-12-15 15:04:20 +01:00
Werner Lewis 214ae64349 Replace \p with \c for non-parameter code typeset 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:36:07 +00:00
Werner Lewis 1d89ebf548 Clarify all functions operate modulo N 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:35:41 +00:00
Werner Lewis a306886b3a Add modulus to parameter ordering 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:35:41 +00:00
Werner Lewis 2e70b9afef Reword bignum sizes section 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:35:41 +00:00
Werner Lewis 2bd263da1e Fix grammar and spelling 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:35:40 +00:00
Werner Lewis 945a165a3c Clarify output requirements 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:22:27 +00:00
Werner Lewis eac8be76d6 Remove unnecessary type comment 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 13:22:17 +00:00
Werner Lewis e1eb75dc99 Specify modulus constraints 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-15 12:27:56 +00:00
Manuel Pégourié-Gonnard 50faa55e4d
Merge pull request #6732 from wernerlewis/bignum_6019_mod_add 
Bignum: Implement mbedtls_mpi_mod_add()
 2022-12-15 11:39:24 +01:00
Dave Rodgman 01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 
Merge back 3.3.0 3
 2022-12-14 19:18:05 +00:00
Dave Rodgman ebef3562c3 Revert "Add generated files" 
This reverts commit c18d932705.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-14 19:14:00 +00:00
Dave Rodgman e90ed7d249 Bump versions for libmbedcrypto and libmbedtls 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-14 17:04:00 +00:00
Manuel Pégourié-Gonnard c98624af3c
Merge pull request #6680 from valeriosetti/issue6599 
Allow isolation of EC J-PAKE password when used in TLS
 2022-12-14 11:04:33 +01:00
Valerio Setti a3f99591f6 sha: make SHA-224 independent from SHA-256 
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 10:56:54 +01:00
Manuel Pégourié-Gonnard 4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake 
Refactor cookie members of handshake
 2022-12-14 10:55:34 +01:00
Valerio Setti 898e7a3afe test: sha: test SHA384 and SHA512 separately 
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 10:50:54 +01:00
Werner Lewis eed01aabd3 Clarify wording in documentation 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-14 09:44:00 +00:00
Valerio Setti 43363f5962 sha: make SHA-384 independent from SHA-512 
Using proper configuration options (i.e. MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard 2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo 
check_names: extend typo check to PSA macro/enum names
 2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard 48232ed2c1
Merge pull request #6743 from minosgalanakis/bignum/implement_modular_negation 
Bignum: Implement fixed width modular negation
 2022-12-13 09:54:38 +01:00
Bence Szépkúti f7641544ea Correct the fix for the PKCS 7 memory leak 
This corrects an issue in the origina fix in
4f01121f6e.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-12-12 21:59:03 +01:00
Dave Rodgman 8a05c069a5
Merge pull request #6751 from ZachFleck42/development 
Fix typo in `library/entropy.c`
 2022-12-12 16:30:54 +00:00
Werner Lewis 5e9d2e9019 Add conventions for bignum mod and mod_raw 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-12 14:00:25 +00:00
Manuel Pégourié-Gonnard a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned 
Fast unaligned memory access macros
 2022-12-12 12:18:17 +01:00
Minos Galanakis 5e8443e6ef mbedtls_mpi_mod_raw_neg: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-12-12 11:13:56 +00:00
Minos Galanakis 21fe8bdeac bignum_mod_raw: Added modular negation. 
This patch adds the `mpi_mod_raw_neg()` method.

Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Co-authored-by: Minos Galanakis <minos.galanakis@arm.com>

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-12-12 11:13:56 +00:00
Valerio Setti 016f682796 tls: pake: small code refactoring for password setting functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-09 14:17:50 +01:00
Tom Cosgrove 5f09930017 Clarify use of temporary in mbedtls_mpi_mod_raw_inv_prime() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-09 10:58:15 +00:00
Dave Rodgman c18d932705 Add generated files 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-09 09:44:10 +00:00
Manuel Pégourié-Gonnard df0c73c308 Readability improvement in pk_wrap.c 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard 79ae7eb4d1 Use deterministic ECDSA in PSA when we do in legacy 
This fixes the two failing cases in test_suite_pk when ECP_RESTARTABLE
and USE_PSA_CRYPTO are both enabled. The two failing cases where

    ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled)
    ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled)

associated with test function pk_sign_verify_restart(). The failure was
caused by the interaction of several things that are each reasonable on
their own:

1. The test function relies on ECDSA restartable, which is reasonable as it
allows making sure that the generated signature is correct with a simple
memcmp().
2. The implementation of pk_sign_restartable() has a shortcut to
dispatch to the sign function (as opposed to sign_restartable) when
restart is disabled (max_ops == 0).
3. When USE_PSA is enabled, the sign function dispatches to PSA, which
so far always used ECDSA (non-deterministic) even when the non-PSA
version would use deterministic ECDSA.

This could be fixed by changing any of those. I chose (3) because I
think it makes sense that when PK dispatches to PSA instead of legacy
this should not change which version of ECDSA is selected.

OTOH, I think it makes sense to keep (2), because that means more
opportunities to dispatch to PSA.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:07:19 +01:00
Jerry Yu 0c2a738c23 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Jerry Yu 141bbe7bee tls13: Adjust include files 
- remove duplicate and unused included
- Adjust the order to system, mbedtls global, local.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Jerry Yu ddda050604 tls13: Upstream various fix in prototype 
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Jerry Yu 2e19981e17 tls13: guards transform negotiate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Valerio Setti eb3f788b03 tls: pake: do not destroy password key in TLS 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-08 18:42:58 +01:00
Dave Rodgman 48223bc19e Bump version to 3.3.0. No changes to .so versions. 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-08 14:43:19 +00:00
Dave Rodgman a5b2c52885 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr 2022-12-08 14:10:59 +00:00
Zachary Fleckenstein 73defe4da0 Fix typo in library/entropy.c 
Signed-off-by: Zachary Fleckenstein <ZachFleck42@Gmail.com>
 2022-12-08 07:28:29 -05:00
Tom Cosgrove 6129268fee Bignum: Implement mbedtls_mpi_mod_raw_inv_prime() and tests 
Fixes #6023.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-08 09:44:10 +00:00
Tom Cosgrove a7f0d7b029 mbedtls_mpi_core_exp_mod() ouuput may alias input A 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-08 08:46:28 +00:00
Valerio Setti ae7fe7ee53 tls: pake: avoid useless psa_pake_abort in setting opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 17:36:59 +01:00
Valerio Setti 70d1fa538a tls: pake: fix missing return values check 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 16:20:27 +01:00
Valerio Setti c689ed8633 tls: pake: minor adjustments 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 14:40:38 +01:00
Dave Rodgman 90af1a10ab
Merge pull request #6734 from daverodgman/fix_test_dep_spelling 
Fix spelling of test dependency
 2022-12-07 09:06:29 +00:00
Ronald Cron fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface 
TLS 1.3: Refactor early data configuration interface.
 2022-12-07 09:42:12 +01:00
Janos Follath d45924d862
Merge pull request #6733 from tom-cosgrove-arm/issue-6293-mod_exp-memory 
Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory
 2022-12-07 08:32:31 +00:00
Janos Follath 1d26d976e8
Merge pull request #6731 from tom-cosgrove-arm/issue-6293-mod_exp 
Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form
 2022-12-07 08:31:49 +00:00
Dave Rodgman 556e8a3219 Fix additional mis-spelling 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-06 16:31:25 +00:00
Dave Rodgman 92011eef34
Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212 
Fix typos prior to release
 2022-12-06 15:00:34 +00:00
Tom Cosgrove 0a0ddedfb7 Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory 
Last PR needed for #6293

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-06 14:37:18 +00:00
Werner Lewis e1b6b7c0ac Implement mbedtls_mpi_mod_add() 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-12-06 11:55:32 +00:00
Tom Cosgrove ecda186893 Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-06 10:46:30 +00:00
Jerry Yu 6ee56aa18f Add default values for conf->*early_data* 
- early_data default to disable
- max_early_data_size default to built-in value

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 18:00:47 +08:00
Jerry Yu 39da9857df remove limitation of max_early_data_size 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 16:58:36 +08:00
Jerry Yu 12c46bd14f fix various issues 
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 11:02:51 +08:00
Tom Cosgrove ed4f59eec3 Fix another typo where 'PSK' was 'PKS' 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-05 12:07:50 +00:00
Jerry Yu e01304f6d8 fix type conversion issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-05 19:58:46 +08:00
Jerry Yu ac5ca5a0ea Refactor cookie members of handshake struct 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-05 19:58:45 +08:00
Dave Rodgman acbb6dc364 Merge remote-tracking branch 'origin/development' into merge-dev 2022-12-05 10:59:23 +00:00
Tom Cosgrove 1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Valerio Setti 757f359474 tls: pake: do not destroy key on errors while setting opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 11:07:11 +01:00
Gilles Peskine 70375b2028 Move mbedtls_mpi_core_random to the proper source file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:46:26 +01:00
Gilles Peskine 78cf3bbf22 Bignum core: break mbedtls_mpi_core_random out of mbedtls_mpi_random 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:45:45 +01:00
Gilles Peskine 4a8c5cdfbf Bignum core: random: prototype 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:44:07 +01:00
Gilles Peskine 26be89b3f6 Bignum core: random: prepare to break out the core function 
Shuffle things around a bit inside mbedtls_mpi_random() in preparation for
breaking out mbedtls_mpi_core_random().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:06:43 +01:00
Gilles Peskine 8a32a75aa2 mbedtls_mpi_random: avoid local allocation 
Rewrite the minimum bound comparison to avoid a local allocation. This costs
a bit of code size, but saves RAM. This is in preparation for moving the
bulk of the function to the bignum_core module where allocation is not
permitted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:06:43 +01:00
Gilles Peskine 6f949ea67b New constant-flow function mbedtls_mpi_core_uint_le_mpi 
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-12-01 23:06:43 +01:00
Jerry Yu cc4e007ff6 Add max_early_data_size to mbedtls_ssl_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Tom Cosgrove 62b20488f1 Implement mbedtls_mpi_mod_sub() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-01 14:27:37 +00:00
Valerio Setti 0944329036 tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 15:06:09 +01:00
Paul Elliott 266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement 
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
 2022-12-01 11:40:52 +00:00
Dave Rodgman 2dae4b3ef6 Support armcc builtin byteswap routine 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-30 15:18:39 +00:00
Dave Rodgman 2d0f27d0fc Make use of optimised bswap from ARIA 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-30 12:16:21 +00:00
Ronald Cron 7df787c019
Merge pull request #6538 from yuhaoth/pr/tls13-add-early-data-transform-computation 2022-11-30 09:56:00 +01:00
Gilles Peskine edaa17b350
Merge pull request #6547 from yanesca/extract_mod_exp_from_prototype 
Bignum: Extract mod exp from prototype
 2022-11-29 21:40:07 +01:00
Aditya Deshpande b6bc7524f9 Minor formatting fixes to address code review comments 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-29 16:53:29 +00:00
Manuel Pégourié-Gonnard 0b9b560770
Merge pull request #6601 from valeriosetti/issue6502 
Avoid assumptions about implementation in EC J-PAKE tests
 2022-11-29 11:21:23 +01:00
Manuel Pégourié-Gonnard f9720cfa78
Merge pull request #6670 from gilles-peskine-arm/pkcs7-use-after-free-20221127 
PKCS7: Fix some memory management errors
 2022-11-29 11:17:27 +01:00
Manuel Pégourié-Gonnard ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2 
CID update to RFC 9146
 2022-11-29 09:25:14 +01:00
Jerry Yu aec08b3f42 fix various format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-29 15:19:27 +08:00
Janos Follath 97915c8685
Merge pull request #6619 from minosgalanakis/bignum/add_high_lv_IO_methods 
Bignum: Adding High level I/O methods
 2022-11-28 17:27:48 +00:00
Valerio Setti a9a97dca63 psa_pake: add support for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-28 18:26:16 +01:00
Dave Rodgman 6d23ff60dd Make use of optimised bswap from bignum 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman f7f1f748e3 Support built-in byteswap routines from clang, gcc, MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman a5110b0d79 Make use of efficient unaligned access functions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman 6298b24127 Add byteswap routines 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman e5c42594e5 Add byte order detection macro 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman a360e1987a Add efficent unaligned get/put functions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:04 +00:00
Dave Rodgman d98ac8b75e Merge remote-tracking branch 'dave/fast_xor' into fast_unaligned 2022-11-28 15:06:25 +00:00
Janos Follath 1f8afa22a4 Bignum Mod: improve documentation and style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-28 14:58:08 +00:00
Aditya Deshpande 1ac41dec09 Add test function for opaque driver (simply returns PSA_ERROR_NOT_SUPPORTED), and address other review comments. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-28 14:46:30 +00:00
Janos Follath 84bee4c492 mbedtls_mpi_mod_write: improve readability 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-28 10:27:14 +00:00
Jerry Yu 3d78e08ac0 erase early secrets and transcripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu a5db6c0ce3 fix coding style issues. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu e31688b7fa fix comments issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu a8771839e8 Refactor make_traffic_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 3ce61ffca6 fix comments and function name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu b094e124f2 fix various issues 
- Alignments
- comment words in doxygen paragraph

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 91b560f38d Add compute early transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 3d9b590f02 guards transform_earlydata 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 84a6edac10 change signature of get_cipher_key_info 
- it is a static function. The name is not follow nameing ruler
- move the position.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Gilles Peskine 4f01121f6e Fix memory leak on error in pkcs7_get_signers_info_set 
mbedtls_x509_name allocates memory, which must be freed if there is a
subsequent error.

Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53811).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 22:02:10 +01:00
Gilles Peskine e7f8c616d0 Fix dangling freed pointer in pkcs7_free_signer_info 
This may have been a use-after-free, but I haven't worked out whether it was
a problem or not. Even if it turns out to have been ok, keeping invalid
pointers around is fragile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine 47a732635b Simplify control flow in PKCS7 functions 
Remove useless goto in several functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine 290f01b3f5 Fix dangling freed pointer on error in pkcs7_get_signers_info_set 
This fixes a use-after-free in PKCS#7 parsing when the signer data is
malformed.

Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53798).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Janos Follath 6eb92c0410 Bignum Mod: improve documentation and style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 17:34:37 +00:00
Janos Follath 8dfc8c41b7 mbedtls_mpi_mod_write: prevent data corruption 
The function wasn't converting back data to internal representation when
writing it out.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 15:39:02 +00:00
Janos Follath d7bb35257b mbedtls_mpi_mod_read/write: restrict pre-conditions 
Require equality for the number of limbs in the modulus and the residue.
This makes these functions consistent with residue_setup().

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 14:59:27 +00:00
Janos Follath 75b9f0fd2e mbedtls_mpi_mod_read/write: remove redundant checks 
The function isn't documented as accepting null pointer, and there's no
reason why it should be. Just let it dereference the pointer.

The null/zero checks are only marginally useful: they validate that m
and r are properly populated objects, not freshly initialized ones. For
that, it's enough to check that the pointers aren't null or that the
sizes aren't zero, we don't need to check both.

Also, use separate if statements for unrelated checks.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 14:28:50 +00:00
Gilles Peskine 89e31adbee Move mps modules to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:18:45 +01:00
Gilles Peskine 898db6b8e5 Move ssl_debug_helpers_generated to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:15:32 +01:00
Janos Follath ee530cc644 Bignum Mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath fc6fbb4e96 Bignum Mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>

Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 41427dee80 Bignum Mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 91295d2b8f Bignum Mod: remove endianness from modulus 
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).

These are higher level concepts and are out of scope for Bignum and for
the modulus structure.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 3e3fc91c33 Bignum Mod: pass endianness as a parameter 
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).

These are higher level concepts and are out of scope for Bignum and for
the modulus structure.

Passing endianness as a parameter is a step towards removing it from the
modulus structure.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath d3eed33709 Bignum Mod Raw: pass endianness as a parameter 
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).

These are higher level concepts and are out of scope for Bignum and for
the modulus structure.

Passing endianness as a parameter is a step towards removing it from the
modulus structure.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 50cd4b842b Bignum Mod: Restrict residue setup 
In theory we could allow residues to have more allocated limbs than the
modulus, but we might or might not need it in the end.

Go for the simpler option for now and we can extend it later if we
really need it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath b62bad442e Bidnum Mod: fix check in setup 
We want to make sure that the value has at least as many limbs allocated
as the modulus as we need this to be able to do any operations in
constant time.

An invariant of the API is that the residue values are canonical, make
sure that the residue is compared to the entire modulus.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis 8b375451c5 bignum_mod: Refactored mbedtls_mpi_mod_read/write() 
This patch adjusts the I/O methods and the tests.
Documentation has also been updated to be more clear.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis aed832ac16 bignum_mod: Adjusted input checking for mbedtls_mpi_mod_residue_setup() 
This patch adjusts the logic of the size checking of the method,
and refactors the tests. Documentation has also been updated.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis a17ad48e2d bignum_mod: Fixed an issue with input checking in mpi_mod_residue_setup 
This patch is inverting the input type checking logic in the method,
in order to ensure that residue < modulus.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis 81f4b11010 bignum_mod: Added mbedtls_mpi_mod_read/write() IO functions 
This patch adds input and ouput fucntions in the `bignum_mod` layer.
The data will be automatically converted between Cannonical and
Montgomery representation if required.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 590ae5363d
Merge pull request #6656 from tom-cosgrove-arm/bignum_pr_6225-updated 
Bignum: add mod_raw_add
 2022-11-25 17:53:31 +00:00
Dave Rodgman a616afeae4 Remove redundant inline workarounds 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-25 17:11:45 +00:00
Dave Rodgman 5a1d00f03d Merge remote-tracking branch 'origin/development' into fast_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-25 17:10:25 +00:00
Dave Rodgman bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti 6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Janos Follath 505a228b7b
Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction 
Bignum: Add low level subtraction
 2022-11-25 13:27:23 +00:00
Gilles Peskine 7d23778178 Explain why p + n isn't good enough 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:34:59 +01:00
Gilles Peskine 5a34b36bbd Remove more now-redundant definitions of inline 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:26:44 +01:00
Dave Rodgman f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164 
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
 2022-11-25 10:55:10 +00:00
Manuel Pégourié-Gonnard 61336848a9 Fix bug when legacy CID is enabled but not used 
When legacy CID is enabled at compile time, but not used at runtime, we
would incorrectly skip the sequence number at the beginning of the AAD.

There was already two "else" branches for writing the sequence number
but none of them was taken in that particular case.

Simplify the structure of the code: with TLS 1.2 (we're already in that
branch), we always write the sequence number, unless we're using
standard CID.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:48:17 +01:00
Dave Rodgman 8f6583d836 Fix for MSVC unsupported #inline keyword 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-25 09:16:41 +00:00
Bence Szépkúti ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Dave Rodgman b8c4a0d940 Minor formatting tweaks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 21:18:55 +00:00
Dave Rodgman 7a910a8be0 Minor formatting tweaks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 21:17:40 +00:00
Dave Rodgman 875d2383d0 Improve documentation 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:43:15 +00:00
Dave Rodgman aaf69fd682 Fix missing newline 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:40:28 +00:00
Dave Rodgman c58858865b Fix off-by-one error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:35:04 +00:00
Dave Rodgman 66433444fc Fix static inline linker issues 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:07:39 +00:00
Dave Rodgman 4b910c1ed1 Fix whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 19:44:52 +00:00
Dave Rodgman 069e7f462a Correct mixed up comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 19:37:26 +00:00
Dave Rodgman 96d61d14d8 Use memcpy for unaligned accesses 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 19:33:22 +00:00
Dave Rodgman fbc23225d6 Tidy up alignment-related code into separate header 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 18:07:37 +00:00
Tom Cosgrove abddad4af8 Add note about aliasing of operands for mbedtls_mpi_mod_raw_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:22:43 +00:00
Werner Lewis e4c0a6c3ba Change cast to correct type 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 1a277d9ad6 Replace comparison with XOR 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis d391b8ce61 Change types and move const before type 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 9fa91ebcb9 Use modulus structure in mbedtls_mpi_mod_raw_add 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 0eea827cbd Rename MPI_CORE(add_mod) to mbedtls_mpi_mod_raw_add 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Hanno Becker a45b6fee91 Extract MPI_CORE(add_mod) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:17:49 +00:00
Dave Rodgman 6921959b83 Remove unused variable 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 09:27:15 +00:00
Ronald Cron 4cf77e99ab
Merge pull request #6621 from ronald-cron-arm/tls13-early-data-write 
TLS 1.3: Add definition of mbedtls_ssl_{write,read}_early_data
 2022-11-24 09:58:07 +01:00
Dave Rodgman 358c7d6eb0 Fix naming inconsistency 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 20:29:03 +00:00
Dave Rodgman dd3103e9e7 Tidy up UNALIGNED_UINT32_T macro 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 19:42:13 +00:00
Dave Rodgman e7cd137606 Define UNALIGNED_UINT32_PTR for unaligned access 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 19:14:26 +00:00
Dave Rodgman a6778013b4 Tidy up UBSan detection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 17:17:30 +00:00
Dave Rodgman 468df317bf Fix MSVC support for inline keyword 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 16:56:35 +00:00
Dave Rodgman 1bab27f983 Prevent unaligned access under ASan builds 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 16:51:59 +00:00
Dave Rodgman 3c8eb7e990 Provide external definition of mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 14:50:03 +00:00
Dave Rodgman 63d114305f Whitespace cleanup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 14:03:30 +00:00
Dave Rodgman f9a1c37bc8 Whitespace cleanup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 14:02:00 +00:00
Gabor Mezei 02d2313829
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-11-23 14:44:14 +01:00
Gabor Mezei 3411e949cd
Cas variable to proper type 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-11-23 14:44:13 +01:00
Gabor Mezei 4c7cf7d742
Add low level subtraction with modulus 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-11-23 14:44:07 +01:00
Janos Follath 531a871b88
Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int 
Bignum: extract core_sub_int from the prototype
 2022-11-23 13:32:02 +00:00
Ronald Cron 4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-23 14:29:37 +01:00
Gilles Peskine 42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847 
Use PSA EC-JPAKE in TLS (1.2) - Part 2
 2022-11-23 13:27:30 +01:00
Ronald Cron 1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee 
The internal CI merge job ran successfully.
 2022-11-23 12:31:25 +01:00
Ronald Cron cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over 
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
 2022-11-23 12:12:02 +01:00
Manuel Pégourié-Gonnard 660b396e41
Merge pull request #975 from yanesca/issue-946 
Fix RSA side channel
 2022-11-23 10:30:35 +01:00
Xiaokang Qian b157e915ad Move the early data status set afeter all of the extensions parse 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 08:12:26 +00:00
Xiaokang Qian e861ba01d4 Remove the duplicate early_data_status check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 03:21:02 +00:00
Xiaokang Qian ca09afc60a Remove useless function and parse early data in ee 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 02:16:49 +00:00
Moritz Fischer a6a94ad599 lms: Move merkle tree generation to heap allocation 
Larger height (e.g. H=20) trees cannot be put on the stack.
Allocate memory for them based on need using mbedtls_calloc().

Signed-off-by: Moritz Fischer <moritzf@google.com>
 2022-11-22 15:49:56 -08:00
Janos Follath 3321b5842c mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 7d89d351e6 Zeroize sensitive data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 0b270a5603 Explain a little more 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 4380d7b7f3 Simplify cleanup logic 
Take advantage of the fact that there's a single point of failure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 3b63d09fea Make the main loop's logic clearer 
The loop ends when there are no more bits to process, with one twist: when
that happens, we need to clear the window one last time. Since the window
does not start empty (E_limbs==0 is not supported), the loop always starts
with a non-empty window and some bits to process. So it's correct to move
the window clearing logic to the end of the loop. This lets us exit the loop
when the end of the exponent is reached.

It would be clearer not to do the final window clearing inside the loop, so
we wouldn't need to repeat the loop termination condition (end of exponent
reached) inside the loop. However, this requires duplicating the code to
clear the window. Empirically, this causes a significant code size increase,
even if the window clearing code is placed into a function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine c718a3ce94 Simplify exponent bit selection 
Use indices instead of mutating data to extract the bits of the exponent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine d83b5cb504 Local readability improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 0de0a049f1 Move window precomputation into an auxiliary function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine cf979b0fc1 Define variables closer to their use 
Make variables const where possible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 7af166b827 Change E closer to where it's used 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 07f2c69511 More consistent variable names 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath 0ec6e3f394 mpi_core_mod_exp: improve style and documentation 
No intended change in behaviour.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath a77911e5c1 core_exp_mod: improve window selection 
We are looking at the exponent at limb granularity and therefore
exponent bits can't go below 32.

The `mpi_` prefix is also removed as it is better not to have prefix at
all than to have just a partial. (Full prefix would be overly long and
would hurt readability.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath 59cbd1be27 Make mbedtls_mpi_core_ct_uint_table_lookup static 
Now that we have a function that calls
mbedtls_mpi_core_ct_uint_table_lookup(), the compiler won't complain if
we make it static.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath bad42c4d0d mpi_core_exp_mod: fix local variable type 
On platforms with size_t different from int, mismatch between size_t and
mpi_uint can cause incorrect results or complaints from the compiler.

Signed-off-by: Janos Follath <janos.follath@arm.com>

mpi_core_exp_mod: Cast local variable explicitly

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath b6673f0f19 Add modular exponentiation to bignum core 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Dave Rodgman fdd967ebdc Detect support for unaligned memory access 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 18:55:17 +00:00
Aditya Deshpande 5e3c70e3be Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:58:52 +00:00
Aditya Deshpande 8cc1470c18 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:55:53 +00:00
Valerio Setti 6d4e75f0c6 psa_crypto_pake: initialize psa_status_t stack variables 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti fdb77cdae3 psa_crypto_pake: internally call to psa_pake_abort() in case of errors 
In this way, in case of error, it is not possible to continue using
the same psa_pake_operation_t without reinitializing it.
This should make the PSA pake's behavior closer to what expected by
the specification

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:41:01 +01:00
Dave Rodgman c36a56e890 Use mbedtls_xor in TLS messaging layer 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 74b345f282 Use mbedtls_xor in PKCS #5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 99a507ee55 Use mbedtls_xor in md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman d22fb73e3e Use mbedtls_xor in GCM 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 2e9db8e9bf Use mbedtls_xor in DES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman ffb5499988 Use mbedtls_xor in CTR_DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 8c0ff81ce7 Use mbedtls_xor in CMAC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman c1d9022bab Use mbedtls_xor in ChaCha20 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman 0d3b55bca8 Use mbedtls_xor in ccm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman d23399eb69 Use mbedtls_xor in Camellia 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman 7bb6b84b29 Use mbedtls_xor in ARIA 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman a8cf607458 Use mbedtls_xor in AES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Janos Follath 3165f063b5 mpi_exp_mod: use x_index consistently 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath c8d66d50d0 mpi_exp_mod: reduce the table size by one 
The first half of the table is not used, let's reuse index 0 for the
result instead of appending it in the end.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath 060009518b mpi_exp_mod: fix out of bounds access 
The table size was set before the configured window size bound was
applied which lead to out of bounds access when the configured window
size bound is less.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath 9c09326572 mpi_mod_exp: be pedantic about right shift 
The window size starts giving diminishing returns around 6 on most
platforms and highly unlikely to be more than 31 in practical use cases.
Still, compilers and static analysers might complain about this and
better to be pedantic.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath be54ca77e2 mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 74601209fa mpi_exp_mod: remove the 'one' variable 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath b2c2fca974 mpi_exp_mod: simplify freeing loop 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 3646ff02ad mpi_exp_mod: move X next to the precomputed values 
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5 which may be smaller that the
maximum - or even worse when doing public RSA operations which typically
have a 16-bit exponent so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.

Move X next to the precomputed values to make accesses more efficient
and intuitive.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 7fa11b88f3 mpi_exp_mod: rename local variables 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 844614814e mpi_exp_mod: remove memory ownership confusion 
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath f08b40eaab mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath b764ee1603 mpi_exp_mod: protect out of window zeroes 
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 8e7d6a0386 mpi_exp_mod: load the output variable to the table 
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Valerio Setti 99d88c1ab4 tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 16:03:43 +01:00
Dave Rodgman c3d8041fe7 Introduce mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 15:01:39 +00:00
Tom Cosgrove 452c99c173 Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Tom Cosgrove f7ff4c9a11 Tidy up, remove MPI_CORE(), and apply the naming convention 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Hanno Becker d9b2348d8f Extract MPI_CORE(sub_int) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Bence Szépkúti a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Gilles Peskine 4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix 
Make a copy of the password key in operation object while setting j-pake password
 2022-11-22 14:52:12 +01:00
Aditya Deshpande 2f7fd76d91 Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal(). 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-22 11:10:34 +00:00
Valerio Setti d4a9b1ab8d tls: psa_pake: remove useless defines and fix a comment 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 11:11:10 +01:00
Xiaokang Qian 8bee89994d Add parse function for early data in encrypted extentions 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-22 09:40:07 +00:00
Przemek Stekiel 0bdec19c93 Further optimizations of pake set_password implementation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-22 09:10:35 +01:00
Jerry Yu fdd24b8c49 Revert change in flight transmit 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-22 14:08:03 +08:00
Gilles Peskine 339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00
Przemek Stekiel ad0f357178 Optimize pake code that sets/use password key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:04:37 +01:00
Przemek Stekiel e2d6b5f45b psa_key_slot_get_slot_number: Move documentation to header file 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:03:52 +01:00
Valerio Setti 5151bdf46e tls: psa_pake: add missing braces 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-21 14:30:02 +01:00
Valerio Setti 79f6b6bb1b tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() 
It might happen that the psa_pake_output() function returns
elements which are not exactly 32 or 65 bytes as expected, but
1 bytes less.
As a consequence, insted of hardcoding the expected value for
the length in the output buffer, we write the correct one as
obtained from psa_pake_output()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-21 14:17:03 +01:00
Dave Rodgman 9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs 
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
 2022-11-21 10:09:57 +00:00
Jerry Yu 9b421456b0 Revert change in dtls1.2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu 668070d5f4 Remove unnecessary replace 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu a8d3c5048f Rename new session ticket name for TLS 1.3 
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu cfda4bbeac Replace handshake over in flight transmit 
Fix deadloop in DTLS resumption test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu 1fb3299ad7 Replace internal usage of is_handshake_over. 
NEW_SESSION_TICKETS* are processed in handshake_step.
Change the stop condition from `mbedtls_ssl_is_handshake_over`
to directly check.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu 5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states 
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu 6848a61922 Revert "Replace internal usage of mbedtls_ssl_is_handshake_over" 
This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu e219c11b4e Replace internal usage of mbedtls_ssl_is_handshake_over 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Valerio Setti 61ea17d30a tls: psa_pake: fix return values in parse functions 
Ensure they all belong to the MBEDTLS_ERR_SSL_* group

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-18 12:11:00 +01:00
Valerio Setti aca21b717c tls: psa_pake: enforce not empty passwords 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 18:20:50 +01:00
Valerio Setti 819de86895 tls: removed extra white spaces and other minor fix 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 18:05:19 +01:00
Valerio Setti 6b3dab03b5 tls: psa_pake: use a single function for round one and two in key exchange read/write 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 17:14:54 +01:00
Valerio Setti 9bed8ec5d8 tls: psa_pake: make round two reading function symmatric to the writing one 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:36:19 +01:00
Valerio Setti 30ebe11f86 tls: psa_pake: add a check on read size on both rounds 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:35:02 +01:00
Valerio Setti a988364767 tls: psa_pake: fix missing new round one parsing function on tls12 server 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:35:02 +01:00
Valerio Setti a08b1a40a0 tls: psa_pake: move move key exchange read/write functions to ssl_tls.c 
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:34:59 +01:00
Andrzej Kurek ec71b0937f Introduce a test for single signature algorithm correctness 
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-11-17 14:58:14 +00:00
Paul Elliott 96a0fd951f Fix signature algorithms list entry getting overwritten by length. 
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-11-17 14:58:14 +00:00
Przemek Stekiel 369ae0afc3 Zeroize pake password buffer before free 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-17 14:14:31 +01:00
Przemek Stekiel 152ae07682 Change password ec j-pake operation fields to more suitable 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-17 13:24:36 +01:00
Ronald Cron d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication 
The merge job of the internal CI ran successfully. This is good to go.
 2022-11-17 12:48:50 +01:00
Przemyslaw Stekiel 1def5becc2 Add psa_get_and_lock_key_slot_with_policy to header file 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-16 16:28:04 +01:00
Valerio Setti 6f1b5741ae tls12: psa_pake: simplify EC info parsing in server's 2nd round 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:50:13 +01:00
Valerio Setti 4a9caaa0c9 tls12: psa_pake: check elliptic curve's TLS ID on handshake 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:50:10 +01:00
Valerio Setti fbbc1f3812 tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:49:52 +01:00
Valerio Setti 02c25b5f83 tls12: psa_pake: use common code for parsing/writing round one and round two data 
Share a common parsing code for both server and client for parsing
round one and two.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 13:56:12 +01:00
Ronald Cron e9f92c4fbc tls: Fix in_cid buffer size in transform structure 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-16 10:23:05 +01:00
Xiaokang Qian 0cc4320e16 Add EARLY_DATA guard to the early data extension in session ticket 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-16 08:43:50 +00:00
Gilles Peskine ef7f4e47b1 Express abs(z) in a way that satisfies GCC and MSVC 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:25:27 +01:00
Gilles Peskine af601f9751 Fix undefined behavior with the most negative mbedtls_mpi_sint 
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:02:14 +01:00
Gilles Peskine db14a9d180 Fix NULL+0 in addition 0 + 0 
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:00:21 +01:00
Przemek Stekiel 348410f709 Make a copy of the key in operation while setting pake password 
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-15 22:22:07 +01:00
Gilles Peskine 4a768dd17d Fix negative zero created by (-A) + (+A) or (-A) - (-A) 
In mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi(), and by extention
mbedtls_mpi_add_int() and mbedtls_mpi_sub_int(), when the resulting value
was zero, the sign bit of the result was incorrectly set to -1 when the
left-hand operand was negative. This is not a valid mbedtls_mpi
representation. Fix this: always set the sign to +1 when the result is 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 20:36:18 +01:00
Gilles Peskine 72ee1e3f3c Unify mbedtls_mpi_add_mpi and mbedtls_mpi_sub_mpi 
mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() have the same logic, just
with one bit to flip in the sign calculation. Move the shared logic to a new
auxiliary function. This slightly reduces the code size (if the compiler
doesn't inline) and reduces the maintenance burden.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 20:30:09 +01:00
Xiaokang Qian 2cd5ce0c6b Fix various issues cause rebase to latest code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 10:33:53 +00:00
Dave Rodgman d384b64dd2
Merge branch 'development' into rfc9146_2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-14 17:43:15 +00:00
Janos Follath 4d0ea7f4cc
Merge pull request #6550 from minosgalanakis/minos/6017_add_montgomery_conversion 
Bignum: Add Montgomery conversion from/to cannonical form
 2022-11-14 11:12:13 +00:00
Xiaokang Qian fe3483f9a1 Update early data doument and config dependencies 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian ae07cd995a Change ticket_flag base on review 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian 2d87a9eeb5 Pend one alert in case wrong EXT_EARLY_DATA length 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian a042b8406d Address some format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:19 +00:00
Xiaokang Qian f447e8a8d3 Address comments base on reviews 
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:36 +00:00
Xiaokang Qian a341225fd0 Change function name ssl_tls13_early_data_has_valid_ticket 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 01323a46c6 Add session ticket related check when send early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian ecc2948f21 Fix format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 76332816c7 Define the EARLY_DATA_STATUS 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 338f727683 Move EARLY_DATA_OFF/ON guard to ssl_misc.h 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:03 +00:00
Xiaokang Qian b781a2323c Move ssl_tls13_has_configured_ticket() back to tls13 client 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:51 +00:00
Xiaokang Qian 893ad81966 Remove useless early_secrets field 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:51 +00:00
Xiaokang Qian 911c0cc4f0 Fix format issues in comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Xiaokang Qian 0e97d4d16d Add early data indication to client side 
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Paul Elliott aeb8bf2ab0
Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser 
TLS 1.3: Add extension check for message parsers
 2022-11-11 19:00:46 +00:00
Minos Galanakis d9299c388e bignum_mod_raw: Refactored Montgomery conversion functions 
This patch updates the `mbedtls_mpi_mod_raw_conv_xx()` methods
as follows:

* Renamed for simplicity: conv_fwd -> from_mont_rep, conv_inv -> to_mont_rep.
* Uncoupled the dependency on the legaly bignum interface.
* `mbedtls_mpi` is no longer used for temporary buffer allocation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-11 10:54:58 +00:00
Hanno Becker 5ad4a93596 bignum_mod_raw: Added conversion methods for internal/public data representation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-11 10:54:58 +00:00
Dave Rodgman f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Gilles Peskine ed4b34aa7c
Merge pull request #6570 from gilles-peskine-arm/bignum-mbedtls_test_read_mpi_core-nonempty 
Forbid empty mpi_core in test data
 2022-11-09 19:02:24 +01:00
Jerry Yu 97be6a913e fix various issues 
- typo error
- replace `ssl->hanshake` with handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-09 22:43:31 +08:00