Move `mbedtls_dev` to `mbedtls_framework` in the framework repo #15

Signed-off-by: Ronald Cron <[email protected]>

Add ALPN information in session tickets

Add testing for concurrently loading/using/destroying the same key

Expand MSVC to Visual Studio and announce the moving of the solution files. Signed-off-by: Bence Szépkúti <[email protected]>

All supported versions of Visual Studio support AESNI, so drop the version number. Signed-off-by: Bence Szépkúti <[email protected]>

Signed-off-by: Waleed Elmelegy <[email protected]>

…ompat-tests TLS 1.3: Resumption and early data compatibility tests

Test the behavior of mbedtls_pk_get_psa_attributes() and mbedtls_pk_import_into_psa() with respect to lifetime. In particular, test that they work with persistent keys as documented. Test cases generated by the following script: ``` for old in [('transparent', '0:0:1'), ('opaque volatile [export]', '1:0:1'), ('opaque volatile [copy]', '1:0:0'), ('opaque persistent [export]', '1:1:1'), ('opaque persistent [copy]', '1:1:0')]: for to_public in [('pair', '0'), ('public', '1')]: for to_persistent in [('volatile', '0'), ('persistent', '1')]: depends = ('\ndepends_on:MBEDTLS_USE_PSA_CRYPTO' if old[0].startswith('opaque') else '') print(f"""\ PSA import into PSA: {old[0]} -> {to_persistent[0]} {to_public[0]}{depends} pk_import_into_psa_lifetime:{old[1]}:{to_public[1]}:{to_persistent[1]} """) ``` Signed-off-by: Gilles Peskine <[email protected]>

Drop Support for MSVC 2013, 2015 and Arm Compiler 5

Signed-off-by: Paul Elliott <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

…-nego-testing TLS: Improve server version negotiation testing

Signed-off-by: Ronald Cron <[email protected]>

…eiving-early-data Check ALPN when receiving early data

Catch potential invalid calls to init. Signed-off-by: Paul Elliott <[email protected]>

Signed-off-by: Paul Elliott <[email protected]>

TLS 1.3: Documentation update for 3.6 release

Adds missing transition and italicises internal functions Signed-off-by: Ryan Everett <[email protected]>

A few typo fixes, extrapolations and extra details. Signed-off-by: Ryan Everett <[email protected]>

Make PSA global_data thread safe

Signed-off-by: Paul Elliott <[email protected]>

…est-lifetime pk_import_into_psa: test persistent keys

Co-authored-by: Paul Elliott <[email protected]> Signed-off-by: Ryan Everett <[email protected]>

Add changelog entry for threading MVP

Signed-off-by: Dave Rodgman <[email protected]>

…ty-docs Update psa-thread-safety.md to reflect version 3.6 changes

Signed-off-by: Ronald Cron <[email protected]>

Signed-off-by: Dave Rodgman <[email protected]>

We were successful in adding transparent memory-poisoning testing, so simplify to the real design decision we made. Signed-off-by: David Horstmann <[email protected]>

The actual functions were called mbedtls_test_memory_poison() and mbedtls_test_memory_unpoison(). Update the design section to reflect this. Signed-off-by: David Horstmann <[email protected]>

Since this is just an example, remove specific-sounding references to mbedtls_psa_core_poison_memory() and replace with more abstract and generic-sounding memory_poison_hook() and memory_unpoison_hook(). Signed-off-by: David Horstmann <[email protected]>

Signed-off-by: Paul Elliott <[email protected]>

Namely LOCAL_INPUT_DECLARE() and friends Signed-off-by: David Horstmann <[email protected]>

Codestyle autogen fix

Signed-off-by: Dave Rodgman <[email protected]>

Signed-off-by: David Horstmann <[email protected]>

The configuration of memory poisoning is now performed via compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update the design to take account of this. Signed-off-by: David Horstmann <[email protected]>

Add a note that validation of validation was implemented in metatest.c and explain briefly what that program is for. Signed-off-by: David Horstmann <[email protected]>

Try to perform verify_ext() using the opaque context when the key type is MBEDTLS_PK_RSASSA_PSS. This currently leads to a crash while running the test suite and this will be fixed by the next commit. Signed-off-by: Valerio Setti <[email protected]>

…A PSS Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Dave Rodgman <[email protected]>

…_changelog Add issues fixed to threading MVP changelog entry

This question has been resolved, as we know that we can test transparently. Signed-off-by: David Horstmann <[email protected]>

Explain this option and the way it relates to the copying macros. Signed-off-by: David Horstmann <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

…g-design-doc Rewrite PSA shared memory design document

Signed-off-by: Mingjie Shen <[email protected]>

…_sign_ext() Signed-off-by: Valerio Setti <[email protected]>

Enable TLS 1.3 by default

Signed-off-by: Steven WdV <[email protected]>

[Bugfix] Fix null dereference in `mbedtls_pk_verify_ext()`

Fix potential stack buffer overread when checking PSK binders. Signed-off-by: Ronald Cron <[email protected]>

The behavior of the functions is kept intact. Changes concern: - generate the initial PK context using PSA parameters only; this allows to remove 1 input parameter for the test function. - add/fix comments. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

…C are defined This bug was not found until now because: - !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite() - the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency so it was not executed in that component. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

tls13: srv: Fix potential stack buffer overread

…psa_sign() Previously only only PKCS1 v1.5 was tested. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Minos Galanakis <[email protected]>

Use mbedtls_test_key_consistency_psa_pk() to verify that the generated PK contexts match with the original PSA keys instead of doing sign/verify and encrypt/decrypt. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

… length This is also used in pk_psa_sign() to properly size buffers holding the public key. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

…lopment-restricted-merge-19032024 Merge development on restricted 10/03/2024

If the public key is exported with mbedtls_pk_write_pubkey_der() it should be re-imported with mbedtls_pk_parse_public_key(). Alternative options (when PK_WRITE is not defined), i.e. mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(), export the key in a different format which cannot be parsed by pk_parse module so mbedtls_ecp_point_read_binary() and mbedtls_rsa_parse_pubkey() should be used respectively in this case. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

mbedtls_pk_setup_opaque always uses PKCS#1v1.5 for RSA keys

Update BRANCHES for 3.6

…ompat_sh Fix fake cases listed of compat.sh

Signed-off-by: Minos Galanakis <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

…on-tests-titles ssl-opt.sh: Improve version selection test titles

Unify consistency tests for mbedtls_pk_import_into_psa and mbedtls_pk_copy_from_psa

The #ifdef guard in the get_builtin_key() should be PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for multiple drivers to be plugged into the wrapper. Signed-off-by: Antonio de Angelis <[email protected]>

Signed-off-by: Minos Galanakis <[email protected]>

./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7 --so-tls 21 Signed-off-by: Minos Galanakis <[email protected]>

In case of opaque keys skip the check of the supported primary/enrollment algorithms. Just try to perfom the signature and if the wrapped key does not support RSA PSS the operation will fail automatically. Signed-off-by: Valerio Setti <[email protected]>

…xt() If the wrapped key has a PKCS1 v1.5 signature algorithm, then try to call sign_ext() to perform PSA RSS. Of course this will fail because it's not supported by the wrapped key. Signed-off-by: Valerio Setti <[email protected]>

This also updates use-psa-crypto.md accordingly. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Minos Galanakis <[email protected]>

Mbedtls 3.6.0 Release Candidate

Signed-off-by: Valerio Setti <[email protected]>

check_pair() is not supported by opaque RSA keys, but we want to be sure that calling this functions fails nicely instead for crashing. Signed-off-by: Valerio Setti <[email protected]>

…or testing Signed-off-by: Tom Cosgrove <[email protected]>

Signed-off-by: Tom Cosgrove <[email protected]>

…oduction_parameters_t-doc Signed-off-by: Minos Galanakis <[email protected]>

…ort-is-now-released Signed-off-by: Minos Galanakis <[email protected]>

Mbedtls 3.6.0rc1

Guard ssl_tls13_write_new_session_ticket_coordinate with MBEDTLS_SSL_SESSION_TICKETS macro. Signed-off-by: Norbert Fabritius <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

Signed-off-by: Norbert Fabritius <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

Signed-off-by: Norbert Fabritius <[email protected]> Signed-off-by: Ronald Cron <[email protected]>

Signed-off-by: Norbert Fabritius <[email protected]> Signed-off-by: Jerry Yu <[email protected]> Signed-off-by: Ronald Cron <[email protected]>

If a TLS 1.3 client receives a ticket and the feature is not enabled, ignore it. Signed-off-by: Ronald Cron <[email protected]>

Add tests where we explicitely check that tickets are ignored on client side when the support is not enabled. Signed-off-by: Ronald Cron <[email protected]>

Automatically generated with the following bash script: ``` LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1 brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448" for item in $LIST; do ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der done LIST="1024 1026 1028 1030 2048 4096" for item in $LIST; do ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der done ``` Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

Use predefined keys instead of generating them at runtime as already done for pk_genkey(). Signed-off-by: Valerio Setti <[email protected]>

…ependencies EC and RSA keys are now loaded from a file so there is no need to generate them at runtime. Signed-off-by: Valerio Setti <[email protected]>

This reverts commit e8a6833. Signed-off-by: Minos Galanakis <[email protected]>

Mbedtls 3.6.0 mergeback

This helps dropping dependency on FS_IO. This commit also removes DER files that were previusly added and which are not more needed/used. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

Add pk_info parameter in order to ease the requirements on the provided PK context. Now it can simply be initialized, but not setup. Signed-off-by: Valerio Setti <[email protected]>

Instead of using PK module to import/export the key in a PSA friendly format: - for RSA keys we use the DER input data directly; - for EC keys we extract the private key manually. This helps avoiding dependencies from PK_WRITE and PK_PARSE. Signed-off-by: Valerio Setti <[email protected]>

Fix compilation on macOS without apple-clang

This commit adds "generate_test_keys.py" script to generate predefined keys used in test_suite_pk. Keys are generated with "programs/pkey/gen_key" tool and converted to C array using the python script. tests/src/test_keys.h is automatically generated using the above mentioned script. test_suite_pk is updated in order to use the new format. Signed-off-by: Valerio Setti <[email protected]>

key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS are defined. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

Add RSA key certificates using SHA256 instead of SHA1 for the signature algorithm. Those are needed for some TLS 1.3 compatibility tests with OpenSSL 3 to avoid having to enable in OpenSSL 3 the support for the deprecated SHA-1 based signature algorithms. Signed-off-by: Ronald Cron <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

Now that key generation has been replaced with parsing predefined keys, guards for MBEDTLS_PK_PARSE_C need to be added in test code. This commits also removes remaining usage of GENPRIME. Signed-off-by: Valerio Setti <[email protected]>

…ke macro Fixes #8994 Signed-off-by: Tom Cosgrove <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

- remove BEGIN_FILE/END_FILE lines from output header file. - add single disclaimer at the beginning of the file instead of having it repeated for every array. - improved exception message for missing key generation program. This commits also regenerates "test_keys.h" in order to fully comply with the new format. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Add 3.6 backport checkbox to the PR template

Fix documentation of mbedtls_ssl_session_save() regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS in TLS 1.3 session case. Signed-off-by: Ronald Cron <[email protected]>

The API has eventually not been changed to return multiple tickets through multiple subsequent call to it. Signed-off-by: Ronald Cron <[email protected]>

Fix documentation of mbedtls_ssl_session_get() regarding its interaction with session ticket enablement. Signed-off-by: Ronald Cron <[email protected]>

It was eventually decided to not support multiple tickets in TLS 1.3 ClientHello messages thus removing the parts in mbedtls_ssl_session_set() documentation that were anticipating that. Signed-off-by: Ronald Cron <[email protected]>

Clarify the documentation of mbedtls_pk_setup_opaque

Test gap: mbedtls_pk_check_pair with MBEDTLS_PK_OPAQUE

Fix documentation of mbedtls_ssl_session_set() regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS in TLS 1.3 case. Signed-off-by: Ronald Cron <[email protected]>

Signed-off-by: Ronald Cron <[email protected]>

Guard ticket specific TLS 1.3 function with macro

Signed-off-by: Pengyu Lv <[email protected]>

To pass a fallback test, we need a dependency on built-in implementation. Signed-off-by: Pengyu Lv <[email protected]>

- "in-driver" test should depend on the present of a driver. - add new counter in key manangement driver test hook which counts the calls of generate_key. - We only care about the hits when processing `psa_generate_key`. Signed-off-by: Pengyu Lv <[email protected]>

We use logical '&&' everywhere, let's be consistent. (Unless I'm mistaken, binary '&' happens to give the same results for booleans so this wasn't an actual bug, just style/readability issue.) Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Fix wrong dependencies in test cases

…emcpy-is-function-like-macro Fix compilation when memcpy() is a function-like macro

asymmetric_key_data.py already provides EC/RSA key pair values that are suitable for generate_test_keys.py. So instead of re-generating the keys using gen_key program, we use those keys. This commit also: - extends asymmetric_key_data.py to introduce RSA bit sizes that are used in test_suite_pk but were missing from asymmetric_key_data.py. - updates test_keys.h with new keys. Signed-off-by: Valerio Setti <[email protected]>

Don't just silently continue. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Skipping DTLS 1.2 with old versions was already done, but now properly test support only once and use the results. Note that historically, this script's policy was that it's the user's job to find the right value of -e (EXCLUDE) for their version for OpenSSL & config. Now it's a weird mix of that and the script doing some detection and skipping. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Was missing several key types and algs. Also, list those that are not implemented, but comment them out, to make it clearer what's not implemented yet. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

The coverage data for the test drivers was generated using the following patch: diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 9258ba788874..1ef071a65c06 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -63,8 +63,8 @@ if [ $# -gt 0 ] && [ "$1" = "--help" ]; then fi if in_mbedtls_build_dir; then - library_dir='library' - title='Mbed TLS' + library_dir='tests/src/drivers' + title='Mbed TLS test drivers' else library_dir='core' title='TF-PSA-Crypto' diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 734d8323ca73..f6b17ca5692b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4795,14 +4795,17 @@ component_test_psa_crypto_drivers () { msg "build: full + test drivers dispatching to builtins" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="--coverage -DPSA_CRYPTO_DRIVER_TEST_ALL" loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" - loc_cflags="${loc_cflags} -I../tests/include -O2" + loc_cflags="${loc_cflags} -I../tests/include -Og -g3" - make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="--coverage" -C tests test_suite_psa_crypto_driver_wrappers msg "test: full + test drivers dispatching to builtins" - make test + (cd tests && ./test_suite_psa_crypto_driver_wrappers --verbose) + #make test + + scripts/lcov.sh } component_test_make_shared () { Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

As the comment says, this component's only goal was to make sure the legacy+driver test cases in test_suite_md.psa were executed. But actually these are already executed in component_test_psa_crypto_drivers which tests with everything having both a driver and the built-in, as can be seen in the outcomes file. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Most of them (2 exceptions, see below) are of the "driver + built-in" type, so they're all a subset of test_psa_crypto_driver which tests everything with driver + built-in at once. Furthermore, all those components were build-only, while test_psa_crypto_driver runs the test suites. Special cases: two of the components looked like they were trying to go for driver-only (ecdh disabling ECDH_C and hkdf disabling HKDF_C). For ECDH, built-in would actually be re-enabled because not enough was accelerated: you also need ECC key types and curves - see component_test_psa_crypto_config_accel_ecdh which does this correctly. For HKDF, we don't have test driver support for key derivation yet. I guess that shows how little testing value these build-only components really had. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Improved by Mbed-TLS/mbedtls#8616 - closing 8553. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Been merged in the meantime. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Mbed-TLS/mbedtls#8700 merged in the meantime. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Use latest installed OpenSSL 3 as OPENSSL_NEXT

And fix a typo while at it. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

This is to manage RSA and EC keys in the same way in order to prepare for the following commits. Signed-off-by: Valerio Setti <[email protected]>

…ta.py Only unused (from test_suite_pk point of view) EC curves are skipped. Signed-off-by: Valerio Setti <[email protected]>

Remove static declaration of look-up table from test_suite_pk and generate it automatically with Python. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

- pk_genkey -> pk_setup - pk_psa_genkey -> pk_psa_setup Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

…psa_wrap_sign_ext() Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

- MBEDTLS_GENPRIME is removed because now we rely on predefined RSA keys. - MBEDTLS_RSA_GEN_KEY_MIN_BITS is replaced with RSA_KEY_SIZE which is set on top of test_suite_pk to a value which is supported in the predefined_keys[] array. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

Document driver testing status

We actually only need two invocations. This also moves all the default tests to OPENSSL_NEXT, which is good because OPENSSL is ancient. I have no idea why NULL doesn't work with OPENSSL_NEXT (1.1.1a) server, because according to the manpage [1], "ALL,COMPLEMENTOFALL" (which is what we are using) should do it, and indeed $OPENSSL_NEXT ciphers "ALL,COMPLEMENTOFALL" | tr ':' '\n' lists NULL ciphersuites, and also they work client-side with OPENSSL_NEXT... [1] https://www.openssl.org/docs/man1.1.1/man1/ciphers.html Also, while at it, remove partial invocation (only non-default) from one component, as we already have a full invocation in the same config (plus ASan) in another component. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

…tructure - group_id is only used for EC keys; - key bitsize only for RSA. Signed-off-by: Valerio Setti <[email protected]>

Prepare this component for PSA_CRYPTO_CONFIG to be on by default. Rename it so that the name is still accurate when we remove legacy symbols Signed-off-by: Ryan Everett <[email protected]>

RSA needs ASN1 functions to parse/write private and public keys, but there is no guards in the code for that. So we need to enable ASN1 support whenever RSA is enabled. Signed-off-by: Valerio Setti <[email protected]>

Signed-off-by: Valerio Setti <[email protected]>

Auto-enable ASN1 when RSA is enabled

The previous commit had: - one obvious mistake (-f NULL with default -e runs nothing) - one unforeseen issue: OPENSSL_NEXT skips static ECDH - arguably scope creep: the stated goal was to simplify the full invocation (in particular, make it obvious that everything is run without having to remember the default value of EXCLUDE), but it also made an unrelated change: running most tests with OPENSSL_NEXT (hence the previous point). This commit should fix all this, in particular it switches back to running most tests with OPENSSL and using OPENSSL_NEXT only when needed. Hopefully in the future we'll do the opposite: most tests will run with a recent OpenSSL, and only those that need an older one will use something older. But that will be another PR. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>

Signed-off-by: Ryan Everett <[email protected]>

In the test data, remove a dependency that is already present on the function. Signed-off-by: Gilles Peskine <[email protected]>

Work around Mbed-TLS/mbedtls#9048 Signed-off-by: Gilles Peskine <[email protected]>

Signed-off-by: Gilles Peskine <[email protected]>

…to_rsa_no_genprime Make component_test_psa_crypto_rsa_no_genprime work with PSA_CRYPTO_CONFIG set

[dev] Small fixes to compat.sh (partial forward-port)

We can use DER keys in builds without PEM, so it's good to have them around. Signed-off-by: Gilles Peskine <[email protected]>

These are sufficiently large for PKCS#1v1.5 signature with SHA-512 or SHA3-512. Cover some non-word-aligned sizes. Signed-off-by: Gilles Peskine <[email protected]>

When PSA is available, we exercise the parsed RSA key with PKCS#1v1.5 signature, which requires the modulus size in bytes to be at least tLen + 11 (per RFC 8017 §9.2) where tLen = hLen + oidLen + 6 and hLen = 32, oidLen = 9 for SHA-512 or SHA3-512. 10 is the DER overhead (3 ASN.1 type-length headers with lengths <128). Replace 512-bit test cases (good enough for SHA-256 but not SHA-384 and up) by 768-bit and up (good enough for SHA-512). Signed-off-by: Gilles Peskine <[email protected]>

With OpenSSL 3.0.2 (which I used to generate the previous set of "pkcs1" DER files), the output of `openssl rsa -outform DER` is actually a PKCS#8-encoded key, despite what the documentation says. This is a change from OpenSSL 1.x, where the output is a PKCS#1-encoded key. OpenSSL 3.0.8 documents the output as PKCS#8. Change to `openssl pkey`, which seems more reliable. The documentation states that the output is PKCS#8, but the output is actually consistently PKCS#1 at least from 1.0.2g to 3.3.0. Signed-off-by: Gilles Peskine <[email protected]>

Like `openssl rsa`, `openssl genrsa` changed its output format from PKCS8 to PKCS1 in OpenSSL 3.0. Note that the makefile instructions assume older OpenSSL. Convert the files that were generated with OpenSSL 3.x and hence were not in the intended format. The files are converted, not regenerated, so the key material is the same. Signed-off-by: Gilles Peskine <[email protected]>

With multipart AEAD, if we attempt to add zero length additional data, then with the buffer sharing fixes this can now lead to undefined behaviour when using gcm. Fix this by returning early, as there is nothing to do if the input length is zero. Signed-off-by: Paul Elliott <[email protected]>

Signed-off-by: Paul Elliott <[email protected]>

Improve test key generation in test_suite_pk

If psa_get_and_lock_key_slot fails, the slot must be wiped. This fixes a bug where a pointer to some valid key slot can be incorrectly returned Signed-off-by: Ryan Everett <[email protected]>

A bug existed previously where this guarantee was not met, causing some issues in multi-threaded code. Signed-off-by: Ryan Everett <[email protected]>

Signed-off-by: Ryan Everett <[email protected]>

This should be CRYPTO_CLIENT and not CRYPTO_C as this function can be used even when CRYPTO_C is not defined. Signed-off-by: Valerio Setti <[email protected]>

Add early exit if zero length AEAD additional data passed in.

Signed-off-by: Ryan Everett <[email protected]>

…240314-development Fix some test case dependencies (PEM_C)

Signed-off-by: Ronald Cron <[email protected]>

ChangeLog: Add missing reference to CVE in security entry

…lot-threading-bug Wipe the returned slot pointer upon failure in `psa_get_and_lock_key_slot`

…g-for-secure-element-keys-in-psa_start_key_creation Fix error handling for secure element keys in `psa_start_key_creation`

ssl_mail_client: Fix unbounded write of sprintf()

Undefined reference to mbedtls_md_error_from_psa() function

Signed-off-by: David Horstmann <[email protected]>

…mann-arm/add-mbedtls-framework-module

Signed-off-by: David Horstmann <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Move `mbedtls_dev` to `mbedtls_framework` in the framework repo #15

Move `mbedtls_dev` to `mbedtls_framework` in the framework repo #15

Commits on Mar 15, 2024

Commits on Mar 17, 2024

Commits on Mar 18, 2024

Commits on Mar 19, 2024

Commits on Mar 20, 2024

Commits on Mar 21, 2024

Commits on Mar 22, 2024

Commits on Mar 25, 2024

Commits on Mar 26, 2024

Commits on Mar 27, 2024

Commits on Mar 28, 2024

Commits on Mar 29, 2024

Commits on Apr 2, 2024

Commits on Apr 3, 2024

Commits on Apr 4, 2024

Commits on Apr 5, 2024

Commits on Apr 8, 2024

Commits on Apr 9, 2024

Commits on Apr 10, 2024

Commits on Apr 11, 2024

Commits on Apr 12, 2024

Commits on Apr 15, 2024

Commits on Apr 16, 2024

Commits on Apr 17, 2024

Commits on Apr 18, 2024

Commits on Apr 19, 2024

Commits on Apr 22, 2024

Commits on Apr 23, 2024

Commits on Apr 24, 2024

Commits on Apr 25, 2024

Commits on Apr 26, 2024

Commits on Apr 29, 2024

Commits on Apr 30, 2024

Commits on May 2, 2024

Commits on May 3, 2024

Move mbedtls_dev to mbedtls_framework in the framework repo #15

Move mbedtls_dev to mbedtls_framework in the framework repo #15

Commits on Mar 15, 2024

Commits on Mar 17, 2024

Commits on Mar 18, 2024

Commits on Mar 19, 2024

Commits on Mar 20, 2024

Commits on Mar 21, 2024

Commits on Mar 22, 2024

Commits on Mar 25, 2024

Commits on Mar 26, 2024

Commits on Mar 27, 2024

Commits on Mar 28, 2024

Commits on Mar 29, 2024

Commits on Apr 2, 2024

Commits on Apr 3, 2024

Commits on Apr 4, 2024

Commits on Apr 5, 2024

Commits on Apr 8, 2024

Commits on Apr 9, 2024

Commits on Apr 10, 2024

Commits on Apr 11, 2024

Commits on Apr 12, 2024

Commits on Apr 15, 2024

Commits on Apr 16, 2024

Commits on Apr 17, 2024

Commits on Apr 18, 2024

Commits on Apr 19, 2024

Commits on Apr 22, 2024

Commits on Apr 23, 2024

Commits on Apr 24, 2024

Commits on Apr 25, 2024

Commits on Apr 26, 2024

Commits on Apr 29, 2024

Commits on Apr 30, 2024

Commits on May 2, 2024

Commits on May 3, 2024

Move `mbedtls_dev` to `mbedtls_framework` in the framework repo #15

Move `mbedtls_dev` to `mbedtls_framework` in the framework repo #15