mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
Merge pull request #874 from ARMmbed/mbedtls-3.1.0_merge_into_release
Mbedtls 3.1.0 merge into release
This commit is contained in:
commit
bff88ab086
@ -344,7 +344,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
|
||||
write_basic_package_version_file(
|
||||
"cmake/MbedTLSConfigVersion.cmake"
|
||||
COMPATIBILITY SameMajorVersion
|
||||
VERSION 3.0.0)
|
||||
VERSION 3.1.0)
|
||||
|
||||
install(
|
||||
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
|
||||
|
179
ChangeLog
179
ChangeLog
@ -1,5 +1,184 @@
|
||||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 3.1.0 branch released 2021-12-17
|
||||
|
||||
API changes
|
||||
* New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.
|
||||
Alternative GCM implementations are expected to verify
|
||||
the length of the provided output buffers and to return the
|
||||
MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small.
|
||||
* You can configure groups for a TLS key exchange with the new function
|
||||
mbedtls_ssl_conf_groups(). It extends mbedtls_ssl_conf_curves().
|
||||
* Declare a number of structure fields as public: the fields of
|
||||
mbedtls_ecp_curve_info, the fields describing the result of ASN.1 and
|
||||
X.509 parsing, and finally the field fd of mbedtls_net_context on
|
||||
POSIX/Unix-like platforms.
|
||||
|
||||
Requirement changes
|
||||
* Sign-magnitude and one's complement representations for signed integers are
|
||||
not supported. Two's complement is the only supported representation.
|
||||
|
||||
New deprecations
|
||||
* Deprecate mbedtls_ssl_conf_curves() in favor of the more generic
|
||||
mbedtls_ssl_conf_groups().
|
||||
|
||||
Removals
|
||||
* Remove the partial support for running unit tests via Greentea on Mbed OS,
|
||||
which had been unmaintained since 2018.
|
||||
|
||||
Features
|
||||
* Enable support for Curve448 via the PSA API. Contributed by
|
||||
Archana Madhavan in #4626. Fixes #3399 and #4249.
|
||||
* The identifier of the CID TLS extension can be configured by defining
|
||||
MBEDTLS_TLS_EXT_CID at compile time.
|
||||
* Implement the PSA multipart AEAD interface, currently supporting
|
||||
ChaChaPoly and GCM.
|
||||
* Warn if errors from certain functions are ignored. This is currently
|
||||
supported on GCC-like compilers and on MSVC and can be configured through
|
||||
the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
|
||||
(where supported) for critical functions where ignoring the return
|
||||
value is almost always a bug. Enable the new configuration option
|
||||
MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
|
||||
is currently implemented in the AES, DES and md modules, and will be
|
||||
extended to other modules in the future.
|
||||
* Add missing PSA macros declared by PSA Crypto API 1.0.0:
|
||||
PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
|
||||
* Add support for CCM*-no-tag cipher to the PSA.
|
||||
Currently only 13-byte long IV's are supported.
|
||||
For decryption a minimum of 16-byte long input is expected.
|
||||
These restrictions may be subject to change.
|
||||
* Add new API mbedtls_ct_memcmp for constant time buffer comparison.
|
||||
* Add functions to get the IV and block size from cipher_info structs.
|
||||
* Add functions to check if a cipher supports variable IV or key size.
|
||||
* Add the internal implementation of and support for CCM to the PSA multipart
|
||||
AEAD interface.
|
||||
* Mbed TLS provides a minimum viable implementation of the TLS 1.3
|
||||
protocol. See docs/architecture/tls13-support.md for the definition of
|
||||
the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3
|
||||
configuration option controls the enablement of the support. The APIs
|
||||
mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() allow
|
||||
to select the 1.3 version of the protocol to establish a TLS connection.
|
||||
* Add PSA API definition for ARIA.
|
||||
|
||||
Security
|
||||
* Zeroize several intermediate variables used to calculate the expected
|
||||
value when verifying a MAC or AEAD tag. This hardens the library in
|
||||
case the value leaks through a memory disclosure vulnerability. For
|
||||
example, a memory disclosure vulnerability could have allowed a
|
||||
man-in-the-middle to inject fake ciphertext into a DTLS connection.
|
||||
* In psa_aead_generate_nonce(), do not read back from the output buffer.
|
||||
This fixes a potential policy bypass or decryption oracle vulnerability
|
||||
if the output buffer is in memory that is shared with an untrusted
|
||||
application.
|
||||
* In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
|
||||
from the output buffer. This fixes a potential policy bypass or decryption
|
||||
oracle vulnerability if the output buffer is in memory that is shared with
|
||||
an untrusted application.
|
||||
* Fix a double-free that happened after mbedtls_ssl_set_session() or
|
||||
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
|
||||
(out of memory). After that, calling mbedtls_ssl_session_free()
|
||||
and mbedtls_ssl_free() would cause an internal session buffer to
|
||||
be free()'d twice.
|
||||
|
||||
Bugfix
|
||||
* Stop using reserved identifiers as local variables. Fixes #4630.
|
||||
* The GNU makefiles invoke python3 in preference to python except on Windows.
|
||||
The check was accidentally not performed when cross-compiling for Windows
|
||||
on Linux. Fix this. Fixes #4774.
|
||||
* Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or
|
||||
PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type.
|
||||
* Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935.
|
||||
* Don't use the obsolete header path sys/fcntl.h in unit tests.
|
||||
These header files cause compilation errors in musl.
|
||||
Fixes #4969.
|
||||
* Fix missing constraints on x86_64 and aarch64 assembly code
|
||||
for bignum multiplication that broke some bignum operations with
|
||||
(at least) Clang 12.
|
||||
Fixes #4116, #4786, #4917, #4962.
|
||||
* Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.
|
||||
* Failures of alternative implementations of AES or DES single-block
|
||||
functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
|
||||
MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
|
||||
This does not concern the implementation provided with Mbed TLS,
|
||||
where this function cannot fail, or full-module replacements with
|
||||
MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
|
||||
* Some failures of HMAC operations were ignored. These failures could only
|
||||
happen with an alternative implementation of the underlying hash module.
|
||||
* Fix the error returned by psa_generate_key() for a public key. Fixes #4551.
|
||||
* Fix compile-time or run-time errors in PSA
|
||||
AEAD functions when ChachaPoly is disabled. Fixes #5065.
|
||||
* Remove PSA'a AEAD finish/verify output buffer limitation for GCM.
|
||||
The requirement of minimum 15 bytes for output buffer in
|
||||
psa_aead_finish() and psa_aead_verify() does not apply to the built-in
|
||||
implementation of GCM.
|
||||
* Move GCM's update output buffer length verification from PSA AEAD to
|
||||
the built-in implementation of the GCM.
|
||||
The requirement for output buffer size to be equal or greater then
|
||||
input buffer size is valid only for the built-in implementation of GCM.
|
||||
Alternative GCM implementations can process whole blocks only.
|
||||
* Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
|
||||
MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
|
||||
* Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length.
|
||||
This algorithm now accepts only the same salt length for verification
|
||||
that it produces when signing, as documented. Use the new algorithm
|
||||
PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946.
|
||||
* The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
|
||||
for algorithm values that fully encode the hashing step, as per the PSA
|
||||
Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and
|
||||
PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers
|
||||
all algorithms that can be used with psa_{sign,verify}_hash(), including
|
||||
these two.
|
||||
* Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
|
||||
not to list other shared libraries they need.
|
||||
* Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
|
||||
exceeds 2^32. Fixes #4884.
|
||||
* Fix an uninitialized variable warning in test_suite_ssl.function with GCC
|
||||
version 11.
|
||||
* Fix the build when no SHA2 module is included. Fixes #4930.
|
||||
* Fix the build when only the bignum module is included. Fixes #4929.
|
||||
* Fix a potential invalid pointer dereference and infinite loop bugs in
|
||||
pkcs12 functions when the password is empty. Fix the documentation to
|
||||
better describe the inputs to these functions and their possible values.
|
||||
Fixes #5136.
|
||||
* The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC
|
||||
operations psa_mac_compute() and psa_mac_sign_setup().
|
||||
* The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC
|
||||
operations psa_mac_verify() and psa_mac_verify_setup().
|
||||
|
||||
Changes
|
||||
* Explicitly mark the fields mbedtls_ssl_session.exported and
|
||||
mbedtls_ssl_config.respect_cli_pref as private. This was an
|
||||
oversight during the run-up to the release of Mbed TLS 3.0.
|
||||
The fields were never intended to be public.
|
||||
* Implement multi-part CCM API.
|
||||
The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(),
|
||||
mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish()
|
||||
were introduced in mbedTLS 3.0 release, however their implementation was
|
||||
postponed until now.
|
||||
Implemented functions support chunked data input for both CCM and CCM*
|
||||
algorithms.
|
||||
* Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the
|
||||
code size by about 80B on an M0 build. This option only gated an ability
|
||||
to set a callback, but was deemed unnecessary as it was yet another define
|
||||
to remember when writing tests, or test configurations. Fixes #4653.
|
||||
* Improve the performance of base64 constant-flow code. The result is still
|
||||
slower than the original non-constant-flow implementation, but much faster
|
||||
than the previous constant-flow implementation. Fixes #4814.
|
||||
* Ignore plaintext/ciphertext lengths for CCM*-no-tag operations.
|
||||
For CCM* encryption/decryption without authentication, input
|
||||
length will be ignored.
|
||||
* Indicate in the error returned if the nonce length used with
|
||||
ChaCha20-Poly1305 is invalid, and not just unsupported.
|
||||
* The mbedcrypto library includes a new source code module constant_time.c,
|
||||
containing various functions meant to resist timing side channel attacks.
|
||||
This module does not have a separate configuration option, and functions
|
||||
from this module will be included in the build as required. Currently
|
||||
most of the interface of this module is private and may change at any
|
||||
time.
|
||||
* The generated configuration-independent files are now automatically
|
||||
generated by the CMake build system on Unix-like systems. This is not
|
||||
yet supported when cross-compiling.
|
||||
|
||||
= Mbed TLS 3.0.0 branch released 2021-07-07
|
||||
|
||||
API changes
|
||||
|
@ -1,3 +0,0 @@
|
||||
Features
|
||||
* Implement the PSA multipart AEAD interface, currently supporting
|
||||
ChaChaPoly and GCM.
|
@ -1,3 +0,0 @@
|
||||
Features
|
||||
* Add the internal implementation of and support for CCM to the PSA multipart
|
||||
AEAD interface.
|
@ -1,3 +0,0 @@
|
||||
Features
|
||||
* Add functions to get the IV and block size from cipher_info structs.
|
||||
* Add functions to check if a cipher supports variable IV or key size.
|
@ -1,4 +0,0 @@
|
||||
Changes
|
||||
* Improve the performance of base64 constant-flow code. The result is still
|
||||
slower than the original non-constant-flow implementation, but much faster
|
||||
than the previous constant-flow implementation. Fixes #4814.
|
@ -1,4 +0,0 @@
|
||||
Bugfix
|
||||
* Fix a bug in mbedtls_gcm_starts() when bits of iv are longer than 2^32.
|
||||
* Fix #4884.
|
||||
|
@ -1,3 +0,0 @@
|
||||
Bugfix
|
||||
* Fix the build when no SHA2 module is included. Fixes #4930.
|
||||
* Fix the build when only the bignum module is included. Fixes #4929.
|
@ -1,10 +0,0 @@
|
||||
Changes
|
||||
* Ignore plaintext/ciphertext lengths for CCM*-no-tag operations.
|
||||
For CCM* encryption/decryption without authentication, input
|
||||
length will be ignored.
|
||||
|
||||
Features
|
||||
* Add support for CCM*-no-tag cipher to the PSA.
|
||||
Currently only 13-byte long IV's are supported.
|
||||
For decryption a minimum of 16-byte long input is expected.
|
||||
These restrictions may be subject to change.
|
@ -1,3 +0,0 @@
|
||||
Changes
|
||||
* Indicate in the error returned if the nonce length used with
|
||||
ChaCha20-Poly1305 is invalid, and not just unsupported.
|
@ -1,19 +0,0 @@
|
||||
Bugfix
|
||||
* Failures of alternative implementations of AES or DES single-block
|
||||
functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
|
||||
MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
|
||||
This does not concern the implementation provided with Mbed TLS,
|
||||
where this function cannot fail, or full-module replacements with
|
||||
MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
|
||||
* Some failures of HMAC operations were ignored. These failures could only
|
||||
happen with an alternative implementation of the underlying hash module.
|
||||
|
||||
Features
|
||||
* Warn if errors from certain functions are ignored. This is currently
|
||||
supported on GCC-like compilers and on MSVC and can be configured through
|
||||
the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
|
||||
(where supported) for critical functions where ignoring the return
|
||||
value is almost always a bug. Enable the new configuration option
|
||||
MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
|
||||
is currently implemented in the AES, DES and md modules, and will be
|
||||
extended to other modules in the future.
|
@ -1,8 +0,0 @@
|
||||
Changes
|
||||
* Implement multi-part CCM API.
|
||||
The multi-part functions: mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(),
|
||||
mbedtls_ccm_update_ad(), mbedtls_ccm_update(), mbedtls_ccm_finish()
|
||||
were introduced in mbedTLS 3.0 release, however their implementation was
|
||||
postponed until now.
|
||||
Implemented functions support chunked data input for both CCM and CCM*
|
||||
algorithms.
|
@ -1,10 +0,0 @@
|
||||
Changes
|
||||
* The mbedcrypto library includes a new source code module constant_time.c,
|
||||
containing various functions meant to resist timing side channel attacks.
|
||||
This module does not have a separate configuration option, and functions
|
||||
from this module will be included in the build as required. Currently
|
||||
most of the interface of this module is private and may change at any
|
||||
time.
|
||||
|
||||
Features
|
||||
* Add new API mbedtls_ct_memcmp for constant time buffer comparison.
|
@ -1,5 +0,0 @@
|
||||
Bugfix
|
||||
* Don't use the obsolete header path sys/fcntl.h in unit tests.
|
||||
These header files cause compilation errors in musl.
|
||||
Fixes #4969.
|
||||
|
@ -1,4 +0,0 @@
|
||||
Bugfix
|
||||
* Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or
|
||||
PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type.
|
||||
|
@ -1,2 +0,0 @@
|
||||
Bugfix
|
||||
* Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled.
|
@ -1,3 +0,0 @@
|
||||
Bugfix
|
||||
* Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries
|
||||
not to list other shared libraries they need.
|
@ -1,5 +0,0 @@
|
||||
Bugfix
|
||||
* Fix a potential invalid pointer dereference and infinite loop bugs in
|
||||
pkcs12 functions when the password is empty. Fix the documentation to
|
||||
better describe the inputs to these functions and their possible values.
|
||||
Fixes #5136.
|
@ -1,2 +0,0 @@
|
||||
Bugfix
|
||||
* Fix the error returned by psa_generate_key() for a public key. Fixes #4551.
|
@ -1,3 +0,0 @@
|
||||
Bugfix
|
||||
* Fix an uninitialized variable warning in test_suite_ssl.function with GCC
|
||||
version 11.
|
@ -1,2 +0,0 @@
|
||||
Bugfix
|
||||
* Stop using reserved identifiers as local variables. Fixes #4630.
|
@ -1,3 +0,0 @@
|
||||
Bugfix
|
||||
* Fix compile-time or run-time errors in PSA
|
||||
AEAD functions when ChachaPoly is disabled. Fixes #5065.
|
@ -1,6 +0,0 @@
|
||||
Security
|
||||
* Zeroize several intermediate variables used to calculate the expected
|
||||
value when verifying a MAC or AEAD tag. This hardens the library in
|
||||
case the value leaks through a memory disclosure vulnerability. For
|
||||
example, a memory disclosure vulnerability could have allowed a
|
||||
man-in-the-middle to inject fake ciphertext into a DTLS connection.
|
@ -1,4 +0,0 @@
|
||||
Bugfix
|
||||
* The GNU makefiles invoke python3 in preference to python except on Windows.
|
||||
The check was accidentally not performed when cross-compiling for Windows
|
||||
on Linux. Fix this. Fixes #4774.
|
@ -1,5 +0,0 @@
|
||||
Bugfix
|
||||
* Fix missing constraints on x86_64 and aarch64 assembly code
|
||||
for bignum multiplication that broke some bignum operations with
|
||||
(at least) Clang 12.
|
||||
Fixes #4116, #4786, #4917, #4962.
|
@ -1,3 +0,0 @@
|
||||
Bugfix
|
||||
* Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
|
||||
MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
|
@ -1,5 +0,0 @@
|
||||
Bugfix
|
||||
* Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length.
|
||||
This algorithm now accepts only the same salt length for verification
|
||||
that it produces when signing, as documented. Use the new algorithm
|
||||
PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946.
|
@ -1,2 +0,0 @@
|
||||
Bugfix
|
||||
* Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935.
|
@ -1,11 +0,0 @@
|
||||
Features
|
||||
* Add missing PSA macros declared by PSA Crypto API 1.0.0:
|
||||
PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL.
|
||||
|
||||
Bugfix
|
||||
* The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved
|
||||
for algorithm values that fully encode the hashing step, as per the PSA
|
||||
Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and
|
||||
PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers
|
||||
all algorithms that can be used with psa_{sign,verify}_hash(), including
|
||||
these two.
|
@ -1,3 +0,0 @@
|
||||
Features
|
||||
* Enable support for Curve448 via the PSA API. Contributed by
|
||||
Archana Madhavan in #4626. Fixes #3399 and #4249.
|
@ -1,16 +0,0 @@
|
||||
Bugfix
|
||||
* Remove PSA'a AEAD finish/verify output buffer limitation for GCM.
|
||||
The requirement of minimum 15 bytes for output buffer in
|
||||
psa_aead_finish() and psa_aead_verify() does not apply to the built-in
|
||||
implementation of GCM.
|
||||
* Move GCM's update output buffer length verification from PSA AEAD to
|
||||
the built-in implementation of the GCM.
|
||||
The requirement for output buffer size to be equal or greater then
|
||||
input buffer size is valid only for the built-in implementation of GCM.
|
||||
Alternative GCM implementations can process whole blocks only.
|
||||
|
||||
API changes
|
||||
* New error code for GCM: MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.
|
||||
Alternative GCM implementations are expected to verify
|
||||
the length of the provided output buffers and to return the
|
||||
MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small.
|
@ -1,3 +0,0 @@
|
||||
Removals
|
||||
* Remove the partial support for running unit tests via Greentea on Mbed OS,
|
||||
which had been unmaintained since 2018.
|
@ -1,5 +0,0 @@
|
||||
Changes
|
||||
* Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on and increasing the
|
||||
code size by about 80B on an M0 build. This option only gated an ability
|
||||
to set a callback, but was deemed unnecessary as it was yet another define
|
||||
to remember when writing tests, or test configurations. Fixes #4653.
|
@ -1,5 +0,0 @@
|
||||
Changes
|
||||
* Explicitly mark the fields mbedtls_ssl_session.exported and
|
||||
mbedtls_ssl_config.respect_cli_pref as private. This was an
|
||||
oversight during the run-up to the release of Mbed TLS 3.0.
|
||||
The fields were never intended to be public.
|
@ -1,7 +0,0 @@
|
||||
Features
|
||||
* Mbed TLS provides a minimum viable implementation of the TLS 1.3
|
||||
protocol. See docs/architecture/tls13-support.md for the definition of
|
||||
the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3
|
||||
configuration option controls the enablement of the support. The APIs
|
||||
mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() allow
|
||||
to select the 1.3 version of the protocol to establish a TLS connection.
|
@ -1,3 +0,0 @@
|
||||
Features
|
||||
* The identifier of the CID TLS extension can be configured by defining
|
||||
MBEDTLS_TLS_EXT_CID at compile time.
|
@ -1,3 +0,0 @@
|
||||
Requirement changes
|
||||
* Sign-magnitude and one's complement representations for signed integers are
|
||||
not supported. Two's complement is the only supported representation.
|
@ -22,7 +22,7 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* @mainpage mbed TLS v3.0.0 source code documentation
|
||||
* @mainpage mbed TLS v3.1.0 source code documentation
|
||||
*
|
||||
* This documentation describes the internal structure of mbed TLS. It was
|
||||
* automatically generated from specially formatted comment blocks in
|
||||
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
||||
# identify the project. Note that if you do not use Doxywizard you need
|
||||
# to put quotes around the project name if it contains spaces.
|
||||
|
||||
PROJECT_NAME = "mbed TLS v3.0.0"
|
||||
PROJECT_NAME = "mbed TLS v3.1.0"
|
||||
|
||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||
# This could be handy for archiving the generated documentation or
|
||||
|
@ -37,7 +37,7 @@
|
||||
* Major, Minor, Patchlevel
|
||||
*/
|
||||
#define MBEDTLS_VERSION_MAJOR 3
|
||||
#define MBEDTLS_VERSION_MINOR 0
|
||||
#define MBEDTLS_VERSION_MINOR 1
|
||||
#define MBEDTLS_VERSION_PATCH 0
|
||||
|
||||
/**
|
||||
@ -45,9 +45,9 @@
|
||||
* MMNNPP00
|
||||
* Major version | Minor version | Patch version
|
||||
*/
|
||||
#define MBEDTLS_VERSION_NUMBER 0x03000000
|
||||
#define MBEDTLS_VERSION_STRING "3.0.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0"
|
||||
#define MBEDTLS_VERSION_NUMBER 0x03010000
|
||||
#define MBEDTLS_VERSION_STRING "3.1.0"
|
||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.1.0"
|
||||
|
||||
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
|
||||
#define _CRT_SECURE_NO_DEPRECATE 1
|
||||
|
@ -245,7 +245,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
||||
|
||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
add_library(${mbedcrypto_target} SHARED ${src_crypto})
|
||||
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.0.0 SOVERSION 10)
|
||||
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.1.0 SOVERSION 11)
|
||||
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
|
||||
|
||||
if(TARGET everest)
|
||||
@ -253,11 +253,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
endif()
|
||||
|
||||
add_library(${mbedx509_target} SHARED ${src_x509})
|
||||
set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.0.0 SOVERSION 4)
|
||||
set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.1.0 SOVERSION 4)
|
||||
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
|
||||
|
||||
add_library(${mbedtls_target} SHARED ${src_tls})
|
||||
set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.0.0 SOVERSION 16)
|
||||
set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.1.0 SOVERSION 17)
|
||||
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
|
||||
endif(USE_SHARED_MBEDTLS_LIBRARY)
|
||||
|
||||
|
@ -47,9 +47,9 @@ LOCAL_CFLAGS += -fPIC -fpic
|
||||
endif
|
||||
endif
|
||||
|
||||
SOEXT_TLS=so.16
|
||||
SOEXT_TLS=so.17
|
||||
SOEXT_X509=so.4
|
||||
SOEXT_CRYPTO=so.10
|
||||
SOEXT_CRYPTO=so.11
|
||||
|
||||
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
|
||||
# the - prefix for command line options (e.g. llvm-ar)
|
||||
|
@ -3362,8 +3362,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
|
||||
size_t *iv_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
*iv_length = 0;
|
||||
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
|
||||
size_t default_iv_length;
|
||||
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
@ -3377,28 +3377,38 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( iv_size < operation->default_iv_length )
|
||||
default_iv_length = operation->default_iv_length;
|
||||
if( iv_size < default_iv_length )
|
||||
{
|
||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_generate_random( iv, operation->default_iv_length );
|
||||
if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
|
||||
{
|
||||
status = PSA_ERROR_GENERIC_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_generate_random( local_iv, default_iv_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_driver_wrapper_cipher_set_iv( operation,
|
||||
iv,
|
||||
operation->default_iv_length );
|
||||
local_iv, default_iv_length );
|
||||
|
||||
exit:
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
memcpy( iv, local_iv, default_iv_length );
|
||||
*iv_length = default_iv_length;
|
||||
operation->iv_set = 1;
|
||||
*iv_length = operation->default_iv_length;
|
||||
}
|
||||
else
|
||||
{
|
||||
*iv_length = 0;
|
||||
psa_cipher_abort( operation );
|
||||
}
|
||||
|
||||
return( status );
|
||||
}
|
||||
@ -3539,50 +3549,67 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
psa_key_type_t key_type;
|
||||
size_t iv_length;
|
||||
|
||||
*output_length = 0;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
|
||||
size_t default_iv_length = 0;
|
||||
|
||||
if( ! PSA_ALG_IS_CIPHER( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
{
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
|
||||
PSA_KEY_USAGE_ENCRYPT,
|
||||
alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
goto exit;
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
key_type = slot->attr.type;
|
||||
iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
|
||||
|
||||
if( iv_length > 0 )
|
||||
default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
|
||||
if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
|
||||
{
|
||||
if( output_size < iv_length )
|
||||
status = PSA_ERROR_GENERIC_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( default_iv_length > 0 )
|
||||
{
|
||||
if( output_size < default_iv_length )
|
||||
{
|
||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_generate_random( output, iv_length );
|
||||
status = psa_generate_random( local_iv, default_iv_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_cipher_encrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length,
|
||||
output, output_size, output_length );
|
||||
alg, local_iv, default_iv_length, input, input_length,
|
||||
output + default_iv_length, output_size - default_iv_length,
|
||||
output_length );
|
||||
|
||||
exit:
|
||||
unlock_status = psa_unlock_key_slot( slot );
|
||||
if( status == PSA_SUCCESS )
|
||||
status = unlock_status;
|
||||
|
||||
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
if( default_iv_length > 0 )
|
||||
memcpy( output, local_iv, default_iv_length );
|
||||
*output_length += default_iv_length;
|
||||
}
|
||||
else
|
||||
*output_length = 0;
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
|
||||
@ -3595,18 +3622,19 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
*output_length = 0;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
|
||||
if( ! PSA_ALG_IS_CIPHER( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
{
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
|
||||
PSA_KEY_USAGE_DECRYPT,
|
||||
alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
goto exit;
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
@ -3630,8 +3658,13 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
|
||||
|
||||
exit:
|
||||
unlock_status = psa_unlock_key_slot( slot );
|
||||
if( status == PSA_SUCCESS )
|
||||
status = unlock_status;
|
||||
|
||||
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
|
||||
if( status != PSA_SUCCESS )
|
||||
*output_length = 0;
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
@ -3885,6 +3918,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
|
||||
size_t *nonce_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
|
||||
size_t required_nonce_size;
|
||||
|
||||
*nonce_length = 0;
|
||||
@ -3918,15 +3952,18 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_generate_random( nonce, required_nonce_size );
|
||||
status = psa_generate_random( local_nonce, required_nonce_size );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_aead_set_nonce( operation, nonce, required_nonce_size );
|
||||
status = psa_aead_set_nonce( operation, local_nonce, required_nonce_size );
|
||||
|
||||
exit:
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
memcpy( nonce, local_nonce, required_nonce_size );
|
||||
*nonce_length = required_nonce_size;
|
||||
}
|
||||
else
|
||||
psa_aead_abort( operation );
|
||||
|
||||
|
@ -449,6 +449,8 @@ psa_status_t mbedtls_psa_cipher_encrypt(
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv,
|
||||
size_t iv_length,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
@ -457,7 +459,7 @@ psa_status_t mbedtls_psa_cipher_encrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
|
||||
size_t olength, accumulated_length;
|
||||
size_t update_output_length, finish_output_length;
|
||||
|
||||
status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
@ -465,33 +467,27 @@ psa_status_t mbedtls_psa_cipher_encrypt(
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
accumulated_length = 0;
|
||||
if( operation.iv_length > 0 )
|
||||
if( iv_length > 0 )
|
||||
{
|
||||
status = mbedtls_psa_cipher_set_iv( &operation,
|
||||
output, operation.iv_length );
|
||||
status = mbedtls_psa_cipher_set_iv( &operation, iv, iv_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
accumulated_length = operation.iv_length;
|
||||
}
|
||||
|
||||
status = mbedtls_psa_cipher_update( &operation, input, input_length,
|
||||
output + operation.iv_length,
|
||||
output_size - operation.iv_length,
|
||||
&olength );
|
||||
output, output_size,
|
||||
&update_output_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
accumulated_length += olength;
|
||||
|
||||
status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length,
|
||||
output_size - accumulated_length,
|
||||
&olength );
|
||||
status = mbedtls_psa_cipher_finish( &operation,
|
||||
output + update_output_length,
|
||||
output_size - update_output_length,
|
||||
&finish_output_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
*output_length = accumulated_length + olength;
|
||||
*output_length = update_output_length + finish_output_length;
|
||||
|
||||
exit:
|
||||
if( status == PSA_SUCCESS )
|
||||
|
@ -213,16 +213,12 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
|
||||
* \param[in] alg The cipher algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||
* \param[in] input Buffer containing the message to encrypt.
|
||||
* \param[in] input_length Size of the \p input buffer in bytes.
|
||||
* \param[in] iv Buffer containing the IV for encryption. The
|
||||
* IV has been generated by the core.
|
||||
* \param[in] iv_length Size of the \p iv in bytes.
|
||||
* \param[in] input Buffer containing the message to encrypt.
|
||||
* \param[in] input_length Size of the \p input buffer in bytes.
|
||||
* \param[in,out] output Buffer where the output is to be written.
|
||||
* The core has generated and written the IV
|
||||
* at the beginning of this buffer before
|
||||
* this function is called. The size of the IV
|
||||
* is PSA_CIPHER_IV_LENGTH( key_type, alg ) where
|
||||
* \c key_type is the type of the key identified
|
||||
* by \p key and \p alg is the cipher algorithm
|
||||
* to compute.
|
||||
* \param[in] output_size Size of the \p output buffer in bytes.
|
||||
* \param[out] output_length On success, the number of bytes that make up
|
||||
* the returned output. Initialized to zero
|
||||
@ -235,7 +231,7 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p output buffer is too small.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The size of \p iv is not acceptable for the chosen algorithm,
|
||||
* The size \p iv_length is not acceptable for the chosen algorithm,
|
||||
* or the chosen algorithm does not use an IV.
|
||||
* The total input size passed to this operation is not valid for
|
||||
* this particular algorithm. For example, the algorithm is a based
|
||||
@ -249,6 +245,8 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv,
|
||||
size_t iv_length,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
|
@ -873,6 +873,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv,
|
||||
size_t iv_length,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
@ -894,6 +896,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg,
|
||||
iv,
|
||||
iv_length,
|
||||
input,
|
||||
input_length,
|
||||
output,
|
||||
@ -910,6 +914,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg,
|
||||
iv,
|
||||
iv_length,
|
||||
input,
|
||||
input_length,
|
||||
output,
|
||||
@ -927,6 +933,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
alg,
|
||||
iv,
|
||||
iv_length,
|
||||
input,
|
||||
input_length,
|
||||
output,
|
||||
@ -941,6 +949,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)alg;
|
||||
(void)iv;
|
||||
(void)iv_length;
|
||||
(void)input;
|
||||
(void)input_length;
|
||||
(void)output;
|
||||
|
@ -119,6 +119,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv,
|
||||
size_t iv_length,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
|
@ -53,6 +53,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key, size_t key_length,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv, size_t iv_length,
|
||||
const uint8_t *input, size_t input_length,
|
||||
uint8_t *output, size_t output_size, size_t *output_length);
|
||||
|
||||
@ -98,6 +99,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key, size_t key_length,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv, size_t iv_length,
|
||||
const uint8_t *input, size_t input_length,
|
||||
uint8_t *output, size_t output_size, size_t *output_length);
|
||||
|
||||
|
@ -44,6 +44,8 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
|
||||
const uint8_t *key_buffer,
|
||||
size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv,
|
||||
size_t iv_length,
|
||||
const uint8_t *input,
|
||||
size_t input_length,
|
||||
uint8_t *output,
|
||||
@ -68,19 +70,17 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt(
|
||||
if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
|
||||
return( mbedtls_test_driver_cipher_hooks.forced_status );
|
||||
|
||||
psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) );
|
||||
|
||||
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
|
||||
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
return( libtestdriver1_mbedtls_psa_cipher_encrypt(
|
||||
(const libtestdriver1_psa_key_attributes_t *)attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, input, input_length,
|
||||
alg, iv, iv_length, input, input_length,
|
||||
output, output_size, output_length ) );
|
||||
#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
return( mbedtls_psa_cipher_encrypt(
|
||||
attributes, key_buffer, key_buffer_size,
|
||||
alg, input, input_length,
|
||||
alg, iv, iv_length, input, input_length,
|
||||
output, output_size, output_length ) );
|
||||
#endif
|
||||
|
||||
@ -314,6 +314,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key, size_t key_length,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *iv, size_t iv_length,
|
||||
const uint8_t *input, size_t input_length,
|
||||
uint8_t *output, size_t output_size, size_t *output_length)
|
||||
{
|
||||
@ -321,6 +322,8 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt(
|
||||
(void) key;
|
||||
(void) key_length;
|
||||
(void) alg;
|
||||
(void) iv;
|
||||
(void) iv_length;
|
||||
(void) input;
|
||||
(void) input_length;
|
||||
(void) output;
|
||||
|
@ -2907,6 +2907,9 @@ void cipher_encrypt_alg_without_iv( int alg_arg,
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
|
||||
uint8_t iv[1] = { 0x5a };
|
||||
size_t iv_length;
|
||||
unsigned char *output = NULL;
|
||||
size_t output_buffer_size = 0;
|
||||
size_t output_length = 0;
|
||||
@ -2924,6 +2927,14 @@ void cipher_encrypt_alg_without_iv( int alg_arg,
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
TEST_EQUAL( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
|
||||
TEST_EQUAL( psa_cipher_generate_iv( &operation, iv, sizeof( iv ),
|
||||
&iv_length ),
|
||||
PSA_ERROR_BAD_STATE );
|
||||
|
||||
PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
|
||||
output_buffer_size, &output_length ) );
|
||||
TEST_ASSERT( output_length <=
|
||||
|
@ -872,6 +872,39 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||
&key ) );
|
||||
|
||||
/*
|
||||
* Test encrypt failure
|
||||
* First test that if we don't force a driver error, encryption is
|
||||
* successfull, then force driver error.
|
||||
*/
|
||||
status = psa_cipher_encrypt(
|
||||
key, alg, input->x, input->len,
|
||||
output, output_buffer_size, &function_output_length );
|
||||
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, PSA_SUCCESS );
|
||||
mbedtls_test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
|
||||
/* Set the output buffer in a given state. */
|
||||
for( size_t i = 0; i < output_buffer_size; i++ )
|
||||
output[i] = 0xa5;
|
||||
|
||||
status = psa_cipher_encrypt(
|
||||
key, alg, input->x, input->len,
|
||||
output, output_buffer_size, &function_output_length );
|
||||
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
|
||||
TEST_EQUAL( status, PSA_ERROR_GENERIC_ERROR );
|
||||
/*
|
||||
* Check that the output buffer is still in the same state.
|
||||
* This will fail if the output buffer is used by the core to pass the IV
|
||||
* it generated to the driver (and is not restored).
|
||||
*/
|
||||
for( size_t i = 0; i < output_buffer_size; i++ )
|
||||
{
|
||||
TEST_EQUAL( output[i], 0xa5 );
|
||||
}
|
||||
mbedtls_test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
/* Test setup call, encrypt */
|
||||
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
|
||||
status = psa_cipher_encrypt_setup( &operation, key, alg );
|
||||
@ -923,10 +956,23 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
||||
mbedtls_test_driver_cipher_hooks.hits = 0;
|
||||
|
||||
mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
|
||||
/* Set the output buffer in a given state. */
|
||||
for( size_t i = 0; i < 16; i++ )
|
||||
output[i] = 0xa5;
|
||||
|
||||
status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length );
|
||||
/* When generating the IV fails, it should call abort too */
|
||||
TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
|
||||
TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
|
||||
/*
|
||||
* Check that the output buffer is still in the same state.
|
||||
* This will fail if the output buffer is used by the core to pass the IV
|
||||
* it generated to the driver (and is not restored).
|
||||
*/
|
||||
for( size_t i = 0; i < 16; i++ )
|
||||
{
|
||||
TEST_EQUAL( output[i], 0xa5 );
|
||||
}
|
||||
/* Failure should prevent further operations from executing on the driver */
|
||||
mbedtls_test_driver_cipher_hooks.hits = 0;
|
||||
status = psa_cipher_update( &operation,
|
||||
|
@ -1,8 +1,8 @@
|
||||
Check compiletime library version
|
||||
check_compiletime_version:"3.0.0"
|
||||
check_compiletime_version:"3.1.0"
|
||||
|
||||
Check runtime library version
|
||||
check_runtime_version:"3.0.0"
|
||||
check_runtime_version:"3.1.0"
|
||||
|
||||
Check for MBEDTLS_VERSION_C
|
||||
check_feature:"MBEDTLS_VERSION_C":0
|
||||
|
Loading…
x
Reference in New Issue
Block a user