mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 17:43:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1254 from waleed-elmelegy-arm/merge-devel-to-resricted

Browse Source 
Merge Public development into restricted
This commit is contained in:
Manuel Pégourié-Gonnard 2024-07-23 09:59:47 +02:00 committed by GitHub
commit e5bcb6c9ed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
349 changed files with 32722 additions and 15171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/pull_request_template.md vendored
View File

@ -9,7 +9,8 @@ Please write a few sentences describing the overall goals of the pull request's
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")
- [ ] **changelog** provided, or not required
- [ ] **backport** done, or not required
- [ ] **3.6 backport** done, or not required
- [ ] **2.28 backport** done, or not required
- [ ] **tests** provided, or not required

6
.gitignore vendored
View File

@ -2,6 +2,9 @@
seedfile
# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
00000000ffffff52.psa_its
# Log files created by all.sh to reduce the logs in case a component runs
# successfully
quiet-make.*
# CMake build artifacts:
CMakeCache.txt
@ -67,3 +70,6 @@ massif-*
compile_commands.json
# clangd index files
/.cache/clangd/index/
# VScode folder to store local debug files and configurations
.vscode

2
3rdparty/everest/CMakeLists.txt vendored
View File

@ -8,6 +8,8 @@ add_library(${everest_target}
target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE include/everest
include/everest/kremlib

1
3rdparty/p256-m/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
Makefile

2
3rdparty/p256-m/CMakeLists.txt vendored
View File

@ -8,6 +8,8 @@ target_include_directories(${p256m_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE ${MBEDTLS_DIR}/library/)

53
CMakeLists.txt
View File

@ -73,10 +73,16 @@ endif()
option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT})
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
if (CMAKE_C_SIMULATE_ID)
set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
else()
set(COMPILER_ID ${CMAKE_C_COMPILER_ID})
endif(CMAKE_C_SIMULATE_ID)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}")
string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}")
string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}")
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
@ -184,8 +190,6 @@ function(get_name_without_last_ext dest_var full_name)
set(${dest_var} ${no_ext_name} PARENT_SCOPE)
endfunction(get_name_without_last_ext)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
include(CheckCCompilerFlag)
set(CMAKE_C_EXTENSIONS OFF)
@ -294,6 +298,8 @@ add_subdirectory(3rdparty)
add_subdirectory(library)
add_subdirectory(tf-psa-crypto)
add_subdirectory(pkgconfig)
#
@ -315,9 +321,42 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
if(GEN_FILES)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/tests
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py"
"--output"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py
)
add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/tests
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py"
"--output"
"${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py
)
add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
add_dependencies(mbedtls_test test_keys_header test_certs_header)
endif()
target_include_directories(mbedtls_test
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
# Request C11, needed for memory poisoning tests
set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
@ -328,6 +367,8 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
target_include_directories(mbedtls_test_helpers
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)

1
ChangeLog
View File

@ -144,6 +144,7 @@ Security
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service.
Fixes CVE-2024-30166.
* Passing buffers that are stored in untrusted memory as arguments
to PSA functions is now secure by default.
The PSA core now protects against modification of inputs or exposure

5
ChangeLog.d/9126.txt Normal file
View File

@ -0,0 +1,5 @@
Default behavior changes
* In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
!MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
corresponding PSA mechanism is enabled, since the server provides the
crypto. Fixes #9126.

3
ChangeLog.d/asn1-missing-guard-in-rsa.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.

9
ChangeLog.d/check-config.txt Normal file
View File

@ -0,0 +1,9 @@
Changes
* Warn if mbedtls/check_config.h is included manually, as this can
lead to spurious errors. Error if a *adjust*.h header is included
manually, as this can lead to silently inconsistent configurations,
potentially resulting in buffer overflows.
When migrating from Mbed TLS 2.x, if you had a custom config.h that
included check_config.h, remove this inclusion from the Mbed TLS 3.x
configuration file (renamed to mbedtls_config.h). This change was made
in Mbed TLS 3.0, but was not announced in a changelog entry at the time.

2
ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt Normal file
View File

@ -0,0 +1,2 @@
Bugfix
* Fix compilation error when memcpy() is a function-like macros. Fixes #8994.

4
ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt Normal file
View File

@ -0,0 +1,4 @@
Bugfix
* Fix rare concurrent access bug where attempting to operate on a
non-existent key while concurrently creating a new key could potentially
corrupt the key store.

4
ChangeLog.d/fix-psa-cmac.txt Normal file
View File

@ -0,0 +1,4 @@
Bugfix
* Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
CMAC is enabled, but no built-in unauthenticated cipher is enabled.
Fixes #9209.

5
ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt Normal file
View File

@ -0,0 +1,5 @@
Bugfix
* Fix issue of redefinition warning messages for _GNU_SOURCE in
entropy_poll.c and sha_256.c. There was a build warning during
building for linux platform.
Resolves #9026

5
ChangeLog.d/fix-secure-element-key-creation.txt Normal file
View File

@ -0,0 +1,5 @@
Bugfix
* Fix error handling when creating a key in a dynamic secure element
(feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
the creation could return PSA_SUCCESS but using or destroying the key
would not work. Fixes #8537.

3
ChangeLog.d/fix-test-suite-pk-warnings.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
Fixes #9029.

3
ChangeLog.d/fix_ubsan_mp_aead_gcm.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* Fix undefined behaviour (incrementing a NULL pointer by zero length) when
passing in zero length additional data to multipart AEAD.

2
ChangeLog.d/pk-norsa-warning.txt Normal file
View File

@ -0,0 +1,2 @@
Bugfix
* Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.

3
ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
long. Credit to Cryptofuzz. Fixes #9314.

3
ChangeLog.d/remove-via-padlock-support.txt Normal file
View File

@ -0,0 +1,3 @@
Removals
* Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
Fixes #5903.

3
ChangeLog.d/tls13-without-tickets.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* Fix TLS 1.3 client build and runtime when support for session tickets is
disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.

19
Makefile
View File

@ -31,7 +31,10 @@ programs: lib mbedtls_test
lib:
$(MAKE) -C library
tests: lib mbedtls_test
ifndef PSASIM
tests: lib
endif
tests: mbedtls_test
$(MAKE) -C tests
mbedtls_test:
@ -95,8 +98,9 @@ ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -rp include/mbedtls $(DESTDIR)/include
cp -rp tf-psa-crypto/drivers/builtin/include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/include/psa
cp -rp include/psa $(DESTDIR)/include
cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
@ -167,7 +171,10 @@ else
if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln
endif
check: lib tests
ifndef PSASIM
check: lib
endif
check: tests
$(MAKE) -C tests check
test: check
@ -197,6 +204,8 @@ C_SOURCE_FILES = $(wildcard \
3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \
include/*/*.h \
library/*.[hc] \
tf-psa-crypto/include/*/*.h \
tf-psa-crypto/drivers/builtin/include/*/*.h \
programs/*/*.[hc] \
tests/include/*/*.h tests/include/*/*/*.h \
tests/src/*.c tests/src/*/*.c \
@ -213,5 +222,7 @@ GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
cscope: cscope.in.out cscope.po.out cscope.out
cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include \
-Itf-psa-crypto/drivers/builtin/include \
$(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
.PHONY: cscope global

2
SECURITY.md
View File

@ -128,7 +128,7 @@ even a remote. The attacks can result in key recovery.
- Turn on hardware acceleration for AES. This is supported only on selected
architectures and currently only available for AES. See configuration options
`MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details.
`MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details.
- Add a secure alternative implementation (typically hardware acceleration) for
the vulnerable cipher. See the [Alternative Implementations
Guide](docs/architecture/alternative-implementations.md) for more information.

16
configs/config-ccm-psk-dtls1_2.h
View File

@ -23,19 +23,20 @@
* See README.txt for usage instructions.
*/
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_USE_PSA_CRYPTO
/* System support */
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_SRV_C
@ -81,11 +82,6 @@
*/
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
/* These defines are present so that the config modifying scripts can enable
* them during tests/scripts/test-ref-configs.pl */
//#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_C
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C

16
configs/config-ccm-psk-tls1_2.h
View File

@ -22,19 +22,20 @@
* See README.txt for usage instructions.
*/
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_USE_PSA_CRYPTO
/* System support */
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
@ -72,11 +73,6 @@
*/
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
/* These defines are present so that the config modifying scripts can enable
* them during tests/scripts/test-ref-configs.pl */
//#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_C
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C

73
configs/config-no-entropy.h
View File

@ -1,73 +0,0 @@
/**
* \file config-no-entropy.h
*
* \brief Minimal configuration of features that do not require an entropy source
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* Minimal configuration of features that do not require an entropy source
* Distinguishing features:
* - no entropy module
* - no TLS protocol implementation available due to absence of an entropy
* source
*
* See README.txt for usage instructions.
*/
/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECDSA_DETERMINISTIC
#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_GCM_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
/* The library does not currently support enabling SHA-224 without SHA-256.
* A future version of the library will have this option disabled
* by default. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_VERSION_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_CRL_PARSE_C
//#define MBEDTLS_CMAC_C
/* Miscellaneous options */
#define MBEDTLS_AES_ROM_TABLES

24
configs/config-suite-b.h
View File

@ -21,36 +21,29 @@
* See README.txt for usage instructions.
*/
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h"
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_USE_PSA_CRYPTO
/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
/* Mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_GCM_C
#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
@ -95,11 +88,6 @@
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
/* These defines are present so that the config modifying scripts can enable
* them during tests/scripts/test-ref-configs.pl */
//#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_C
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C

41
configs/config-symmetric-only.h
View File

@ -8,70 +8,43 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-symmetric-only.h"
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_USE_PSA_CRYPTO
/* System support */
//#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_CIPHER_MODE_OFB
#define MBEDTLS_CIPHER_MODE_XTS
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
#define MBEDTLS_ERROR_STRERROR_DUMMY
#define MBEDTLS_FS_IO
#define MBEDTLS_ENTROPY_NV_SEED
#define MBEDTLS_SELF_TEST
#define MBEDTLS_USE_PSA_CRYPTO
#define MBEDTLS_VERSION_FEATURES
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_CAMELLIA_C
#define MBEDTLS_ARIA_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CHACHA20_C
#define MBEDTLS_CHACHAPOLY_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CMAC_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_DES_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_GCM_C
#define MBEDTLS_HKDF_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_NIST_KW_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS12_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_POLY1305_C
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_SE_C
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
#define MBEDTLS_PSA_ITS_FILE_C
#define MBEDTLS_RIPEMD160_C
#define MBEDTLS_SHA1_C
/* The library does not currently support enabling SHA-224 without SHA-256.
* A future version of the library will have this option disabled
* by default. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
//#define MBEDTLS_THREADING_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C

21
configs/config-thread.h
View File

@ -17,15 +17,21 @@
* - no X.509
* - support for experimental EC J-PAKE key exchange
*
* To be used in conjunction with configs/crypto-config-thread.h.
* See README.txt for usage instructions.
*/
#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h"
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_CONFIG
#define MBEDTLS_USE_PSA_CRYPTO
/* System support */
#define MBEDTLS_HAVE_ASM
/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@ -35,23 +41,15 @@
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_CMAC_C
#define MBEDTLS_ECJPAKE_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
@ -69,8 +67,3 @@
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
/* These defines are present so that the config modifying scripts can enable
* them during tests/scripts/test-ref-configs.pl */
//#define MBEDTLS_USE_PSA_CRYPTO
//#define MBEDTLS_PSA_CRYPTO_C

4
configs/crypto-config-ccm-aes-sha256.h
View File

@ -2,7 +2,7 @@
* \file configs/crypto-config-ccm-aes-sha256.h
*
* \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
* SHA-256, HMAC and key derivation
* SHA-256 and key derivation (uses HMAC).
*/
/*
* Copyright The Mbed TLS Contributors
@ -13,12 +13,10 @@
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1

25
configs/crypto-config-ccm-psk-tls1_2.h Normal file
View File

@ -0,0 +1,25 @@
/**
* \file crypto-config-ccm-psk-tls1_2.h
*
* \brief Minimal crypto configuration for TLS 1.2 with
* PSK and AES-CCM ciphersuites
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
* To be used in conjunction with configs/config-ccm-psk-tls1_2.h
* or configs/config-ccm-psk-dtls1_2.h. */
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_KEY_TYPE_AES 1
#endif /* PSA_CRYPTO_CONFIG_H */

41
configs/crypto-config-suite-b.h Normal file
View File

@ -0,0 +1,41 @@
/**
* \file crypto-config-symmetric-only.h
*
* \brief \brief Minimal crypto configuration for
* TLS NSA Suite B Profile (RFC 6460).
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
* Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460)
*
* Distinguishing features:
* - no RSA or classic DH, fully based on ECC
* - optimized for low RAM usage
*
* Possible improvements:
* - if 128-bit security is enough, disable secp384r1 and SHA-512
*
* To be used in conjunction with configs/config-suite-b.h. */
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_ECDH 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_ECC_SECP_R1_384 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
#endif /* PSA_CRYPTO_CONFIG_H */

58
configs/crypto-config-symmetric-only.h Normal file
View File

@ -0,0 +1,58 @@
/**
* \file crypto-config-symmetric-only.h
*
* \brief Crypto configuration without any asymmetric cryptography.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
* To be used in conjunction with configs/config-symmetric-only.h. */
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CFB 1
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define PSA_WANT_ALG_CMAC 1
#define PSA_WANT_ALG_CTR 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
#define PSA_WANT_ALG_HKDF_EXPAND 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_MD5 1
#define PSA_WANT_ALG_OFB 1
#define PSA_WANT_ALG_RIPEMD160 1
#define PSA_WANT_ALG_SHA_1 1
#define PSA_WANT_ALG_STREAM_CIPHER 1
#define PSA_WANT_ALG_SHA_224 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_SHA_384 1
#define PSA_WANT_ALG_SHA_512 1
#define PSA_WANT_ALG_SHA3_224 1
#define PSA_WANT_ALG_SHA3_256 1
#define PSA_WANT_ALG_SHA3_384 1
#define PSA_WANT_ALG_SHA3_512 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
/* XTS is not yet supported via the PSA API in Mbed TLS. */
//#define PSA_WANT_ALG_XTS 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_ARIA 1
#define PSA_WANT_KEY_TYPE_CAMELLIA 1
#define PSA_WANT_KEY_TYPE_CHACHA20 1
#define PSA_WANT_KEY_TYPE_DES 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#endif /* PSA_CRYPTO_CONFIG_H */

47
configs/crypto-config-thread.h Normal file
View File

@ -0,0 +1,47 @@
/**
* \file crypto-config-thread.h
*
* \brief Minimal crypto configuration for using TLS as part of Thread
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/**
* Minimal crypto configuration for using TLS as part of Thread
* http://threadgroup.org/
*
* Distinguishing features:
* - no RSA or classic DH, fully based on ECC
* - no X.509
* - support for experimental EC J-PAKE key exchange
* - support for PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching
* algorithm.
*
* To be used in conjunction with configs/config-thread.h.
* See README.txt for usage instructions.
*/
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_CCM 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_JPAKE 1
#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
#define PSA_WANT_ECC_SECP_R1_256 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
#endif /* PSA_CRYPTO_CONFIG_H */

1
configs/ext/tfm_mbedcrypto_config_profile_medium.h
View File

@ -56,7 +56,6 @@
*
* Required by:
* MBEDTLS_AESNI_C
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/

2
docs/architecture/alternative-implementations.md
View File

@ -46,7 +46,7 @@ Generally, alternative implementations can define their context types to any C t
Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`.
* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`.
* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`.
* If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set.

8
docs/architecture/psa-crypto-implementation-structure.md
View File

@ -86,7 +86,7 @@ Summary of files to modify when adding a new algorithm or key type:
* [ ] `tests/suites/test_suite_psa_crypto_metadata.data` — [New functions and macros](#new-functions-and-macros)
* (If adding `PSA_IS_xxx`) `tests/suites/test_suite_psa_crypto_metadata.function` — [New functions and macros](#new-functions-and-macros)
* [ ] `tests/suites/test_suite_psa_crypto*.data`, `tests/suites/test_suite_psa_crypto*.function` — [Unit tests](#unit-tests)
* [ ] `scripts/mbedtls_dev/crypto_knowledge.py`, `scripts/mbedtls_dev/asymmetric_key_data.py` — [Unit tests](#unit-tests)
* [ ] `framework/scripts/mbedtls_framework/crypto_knowledge.py`, `framework/scripts/mbedtls_framework/asymmetric_key_data.py` — [Unit tests](#unit-tests)
* [ ] `ChangeLog.d/*.txt` — changelog entry
Summary of files to modify when adding new API functions:
@ -153,7 +153,7 @@ The size of operation structures needs to be known at compile time, since caller
### Unit tests
A number of unit tests are automatically generated by `tests/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`:
A number of unit tests are automatically generated by `framework/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`:
* Attempt to create a key with a key type that is not supported.
* Attempt to perform an operation with a combination of key type and algorithm that is not valid or not supported.
@ -161,8 +161,8 @@ A number of unit tests are automatically generated by `tests/scripts/generate_ps
When adding a new key type or algorithm:
* `scripts/mbedtls_dev/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms.
* `scripts/mbedtls_dev/asymmetric_key_data.py` contains valid key data for asymmetric key types.
* `framework/scripts/mbedtls_framework/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms.
* `framework/scripts/mbedtls_framework/asymmetric_key_data.py` contains valid key data for asymmetric key types.
Other things need to be tested manually, either in `tests/suites/test_sutie_psa_crypto.data` or in another file. For example (this is not an exhaustive list):

2
docs/architecture/psa-migration/outcome-analysis.sh
View File

@ -27,7 +27,7 @@ set -eu
cleanup() {
make clean
git checkout -- include/mbedtls/mbedtls_config.h include/psa/crypto_config.h
git checkout -- include/mbedtls/mbedtls_config.h tf-psa-crypto/include/psa/crypto_config.h
}
record() {

2
docs/architecture/psa-shared-memory.md
View File

@ -663,7 +663,7 @@ psa_status_t mem_poison_psa_aead_update(psa_aead_operation_t *operation,
There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `tests/include/test/psa_test_wrappers.h` and `tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call.
The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `tests/scripts/generate_psa_wrappers.py`.
The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `framework/scripts/generate_psa_wrappers.py`.
Poisoning code is added to these test wrappers where relevant in order to pre-poison and post-unpoison the parameters to the functions.

470
docs/architecture/testing/driver-interface-test-strategy.md
View File

@ -114,7 +114,7 @@ We should have at least one driver that covers the whole interface:
A PKCS#11 driver would be a good candidate. It would be useful as part of our product offering.
## Transparent driver interface testing
## Unified driver interface testing
The [unified driver interface](../../proposed/psa-driver-interface.md) defines interfaces for accelerators.
@ -128,6 +128,470 @@ Every cryptographic mechanism for which a transparent driver interface exists (k
The driver interface includes a fallback mechanism so that a driver can reject a request at runtime and let another driver handle the request. For each entry point, there must be at least three test runs with two or more drivers available with driver A configured to fall back to driver B, with one run where A returns `PSA_SUCCESS`, one where A returns `PSA_ERROR_NOT_SUPPORTED` and B is invoked, and one where A returns a different error and B is not invoked.
## Entropy and randomness interface testing
### Test drivers
TODO
We have test drivers that are enabled by `PSA_CRYPTO_DRIVER_TEST` (not present
in the usual config files, must be defined on the command line or in a custom
config file). Those test drivers are implemented in `tests/src/drivers/*.c`
and their API is declared in `tests/include/test/drivers/*.h`.
We have two test driver registered: `mbedtls_test_opaque_driver` and
`mbedtls_test_transparent_driver`. These are described in
`scripts/data_files/driver_jsons/mbedtls_test_xxx_driver.json` (as much as our
JSON support currently allows). Each of the drivers can potentially implement
support for several mechanism; conversely, each of the file mentioned in the
previous paragraph can potentially contribute to both the opaque and the
transparent test driver.
Each entry point is instrumented to record the number of hits for each part of
the driver (same division as the files) and the status of the last call. It is
also possible to force the next call to return a specified status, and
sometimes more things can be forced: see the various
`mbedtls_test_driver_XXX_hooks_t` structures declared by each driver (and
subsections below).
The drivers can use one of two back-ends:
- internal: this requires the built-in implementation to be present.
- libtestdriver1: this allows the built-in implementation to be omitted from
the build.
Historical note: internal was initially the only back-end; then support for
libtestdriver1 was added gradually. Support for libtestdriver1 is now complete
(see following sub-sections), so we could remove internal now. Note it's
useful to have builds with both a driver and the built-in, in order to test
fallback to built-in, which is currently done only with internal, but this can
be achieved with libtestdriver1 just as well.
Note on instrumentation: originally, when only the internal backend was
available, hits were how we knew that the driver was called, as opposed to
directly calling the built-in code. With libtestdriver1, we can check that by
ensuring that the built-in code is not present, so if the operation gives the
correct result, only a driver call can have calculated that result. So,
nowadays there is low value in checking the hit count. There is still some
value for hit counts, e.g. checking that we don't call a multipart entry point
when we intended to call the one-shot entry point, but it's limited.
Note: our test drivers tend to provide all possible entry points (with a few
exceptions that may not be intentional, see the next sections). However, in
some cases, when an entry point is not available, the core is supposed to
implement it using other entry points, for example:
- `mac_verify` may use `mac_compute` if the driver does no provide verify;
- for things that have both one-shot and multi-part API, the driver can
provide only the multi-part entry points, and the core is supposed to
implement one-shot on top of it (but still call the one-shot entry points when
they're available);
- `sign/verify_message` can be implemented on top of `sign/verify_hash` for
some algorithms;
- (not sure if the list is exhaustive).
Ideally, we'd want build options for the test drivers so that we can test with
different combinations of entry points present, and make sure the core behaves
appropriately when some entry points are absent but other entry points allow
implementing the operation. This will remain hard to test until we have proper
support for JSON-defined drivers with auto-generation of dispatch code.
(The `MBEDTLS_PSA_ACCEL_xxx` macros we currently use are not expressive enough
to specify which entry points are supported for a given mechanism.)
Our implementation of PSA Crypto is structured in a way that the built-in
implementation of each operation follows the driver API, see
[`../architecture/psa-crypto-implementation-structure.md`](../architecture/psa-crypto-implementation-structure.html).
This makes implementing the test drivers very easy: each entry point has a
corresponding `mbedtls_psa_xxx()` function that it can call as its
implementation - with the `libtestdriver1` back-end the function is called
`libtestdriver1_mbedtls_psa_xxx()` instead.
A nice consequence of that strategy is that when an entry point has
test-driver support, most of the time, it automatically works for all
algorithms and key types supported by the library. (The exception being when
the driver needs to call a different function for different key types, as is
the case with some asymmetric key management operations.) (Note: it's still
useful to test drivers in configurations with partial algorithm support, and
that can still be done by configuring libtestdriver1 and the main library as
desired.)
The renaming process for `libtestdriver1` is implemented as a few Perl regexes
applied to a copy of the library code, see the `libtestdriver1.a` target in
`tests/Makefile`. Another modification that's done to this copy is appending
`tests/include/test/drivers/crypto_config_test_driver_extension.h` to
`psa/crypto_config.h`. This file reverses the `ACCEL`/`BUILTIN` macros so that
`libtestdriver1` includes as built-in what the main `libmbedcrypto.a` will
have accelerated; see that file's initial comment for details. See also
`helper_libtestdriver1_` functions and the preceding comment in `all.sh` for
how libtestdriver is used in practice.
This general framework needs specific code for each family of operations. At a
given point in time, not all operations have the same level of support. The
following sub-sections describe the status of the test driver support, mostly
following the structure and order of sections 9.6 and 10.2 to 10.10 of the
[PSA Crypto standard](https://arm-software.github.io/psa-api/crypto/1.1/) as
that is also a natural division for implementing test drivers (that's how the
code is divided into files).
#### Key management
The following entry points are declared in `test/drivers/key_management.h`:
- `"init"` (transparent and opaque)
- `"generate_key"` (transparent and opaque)
- `"export_public_key"` (transparent and opaque)
- `"import_key"` (transparent and opaque)
- `"export_key"` (opaque only)
- `"get_builtin_key"` (opaque only)
- `"copy_key"` (opaque only)
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque's driver implementation status is as follows:
- `"generate_key"`: not implemented, always returns `NOT_SUPPORTED`.
- `"export_public_key"`: implemented only for ECC and RSA keys, both backends.
- `"import_key"`: implemented except for DH keys, both backends.
- `"export_key"`: implemented for built-in keys (ECC and AES), and for
non-builtin keys except DH keys. (Backend not relevant.)
- `"get_builtin_key"`: implemented - provisioned keys: AES-128 and ECC
secp2456r1. (Backend not relevant.)
- `"copy_key"`: implemented - emulates a SE without storage. (Backend not
relevant.)
Note: the `"init"` entry point is not part of the "key management" family, but
listed here as it's declared and implemented in the same file. With the
transparent driver and the libtestdriver1 backend, it calls
`libtestdriver1_psa_crypto_init()`, which partially but not fully ensures
that this entry point is called before other entry points in the test drivers.
With the opaque driver, this entry point just does nothing an returns success.
The following entry points are defined by the driver interface but missing
from our test drivers:
- `"allocate_key"`, `"destroy_key"`: this is for opaque drivers that store the
key material internally.
Note: the instrumentation also allows forcing the output and its length.
#### Message digests (Hashes)
The following entry points are declared (transparent only):
- `"hash_compute"`
- `"hash_setup"`
- `"hash_clone"`
- `"hash_update"`
- `"hash_finish"`
- `"hash_abort"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
This familly is not part of the opaque driver as it doesn't use keys.
#### Message authentication codes (MAC)
The following entry points are declared (transparent and opaque):
- `"mac_compute"`
- `"mac_sign_setup"`
- `"mac_verify_setup"`
- `"mac_update"`
- `"mac_sign_finish"`
- `"mac_verify_finish"`
- `"mac_abort"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver only implements the instrumentation but not the actual
operations: entry points will always return `NOT_SUPPORTED`, unless another
status is forced.
The following entry points are not implemented:
- `mac_verify`: this mostly makes sense for opaque drivers; the core will fall
back to using `"mac_compute"` if this is not implemented. So, perhaps
ideally we should test both with `"mac_verify"` implemented and with it not
implemented? Anyway, we have a test gap here.
#### Unauthenticated ciphers
The following entry points are declared (transparent and opaque):
- `"cipher_encrypt"`
- `"cipher_decrypt"`
- `"cipher_encrypt_setup"`
- `"cipher_decrypt_setup"`
- `"cipher_set_iv"`
- `"cipher_update"`
- `"cipher_finish"`
- `"cipher_abort"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver is not implemented at all, neither instumentation nor the
operation: entry points always return `NOT_SUPPORTED`.
Note: the instrumentation also allows forcing a specific output and output
length.
#### Authenticated encryption with associated data (AEAD)
The following entry points are declared (transparent only):
- `"aead_encrypt"`
- `"aead_decrypt"`
- `"aead_encrypt_setup"`
- `"aead_decrypt_setup"`
- `"aead_set_nonce"`
- `"aead_set_lengths"`
- `"aead_update_ad"`
- `"aead_update"`
- `"aead_finish"`
- `"aead_verify"`
- `"aead_abort"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver does not implement or even declare entry points for this
family.
Note: the instrumentation records the number of hits per entry point, not just
the total number of hits for this family.
#### Key derivation
Not covered at all by the test drivers.
That's a test gap which reflects a feature gap: the driver interface does
define a key derivation family of entry points, but we don't currently
implement that part of the driver interface, see #5488 and related issues.
#### Asymmetric signature
The following entry points are declared (transparent and opaque):
- `"sign_message"`
- `"verify_message"`
- `"sign_hash"`
- `"verify_hash"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver is not implemented at all, neither instumentation nor the
operation: entry points always return `NOT_SUPPORTED`.
Note: the instrumentation also allows forcing a specific output and output
length, and has two instance of the hooks structure: one for sign, the other
for verify.
Note: when a driver implements only the `"xxx_hash"` entry points, the core is
supposed to implement the `psa_xxx_message()` functions by computing the hash
itself before calling the `"xxx_hash"` entry point. Since the test driver does
implement the `"xxx_message"` entry point, it's not exercising that part of
the core's expected behaviour.
#### Asymmetric encryption
The following entry points are declared (transparent and opaque):
- `"asymmetric_encrypt"`
- `"asymmetric_decrypt"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver implements the declared entry points, and can use any
backend: internal or libtestdriver1. However it does not implement the
instrumentation (hits, forced output/status), as this [was not an immediate
priority](https://github.com/Mbed-TLS/mbedtls/pull/8700#issuecomment-1892466159).
Note: the instrumentation also allows forcing a specific output and output
length.
#### Key agreement
The following entry points are declared (transparent and opaque):
- `"key_agreement"`
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver is not implemented at all, neither instumentation nor the
operation: entry points always return `NOT_SUPPORTED`.
Note: the instrumentation also allows forcing a specific output and output
length.
#### Other cryptographic services (Random number generation)
Not covered at all by the test drivers.
The driver interface defines a `"get_entropy"` entry point, as well as a
"Random generation" family of entry points. None of those are currently
implemented in the library. Part of it will be planned for 4.0, see #8150.
#### PAKE extension
The following entry points are declared (transparent only):
- `"pake_setup"`
- `"pake_output"`
- `"pake_input"`
- `"pake_get_implicit_key"`
- `"pake_abort"`
Note: the instrumentation records hits per entry point and allows forcing the
output and its length, as well as forcing the status of setup independently
from the others.
The transparent driver fully implements the declared entry points, and can use
any backend: internal or libtestdriver1.
The opaque driver does not implement or even declare entry points for this
family.
### Driver wrapper test suite
We have a test suite dedicated to driver dispatch, which takes advantage of the
instrumentation in the test drivers described in the previous section, in
order to check that drivers are called when they're supposed to, and that the
core behaves as expected when they return errors (in particular, that we fall
back to the built-in implementation when the driver returns `NOT_SUPPORTED`).
This is `test_suite_psa_crypto_driver_wrappers`, which is maintained manually
(that is, the test cases in the `.data` files are not auto-generated). The
entire test suite depends on the test drivers being enabled
(`PSA_CRYPTO_DRIVER_TEST`), which is not the case in the default or full
config.
The test suite is focused on driver usage (mostly by checking the expected
number of hits) but also does some validation of the results: for
deterministic algorithms, known-answers tests are used, and for the rest, some
consistency checks are done (more or less detailled depending on the algorithm
and build configuration).
#### Configurations coverage
The driver wrappers test suite has cases that expect both the driver and the
built-in to be present, and also cases that expect the driver to be present
but not the built-in. As such, it's impossible for a single configuration to
run all test cases, and we need at least two: driver+built-in, and
driver-only.
- The driver+built-in case is covered by `test_psa_crypto_drivers` in `all.sh`.
This covers all areas (key types and algs) at once.
- The driver-only case is split into multiple `all.sh` components whose names
start with `test_psa_crypto_config_accel`; we have one or more component per
area, see below.
Here's a summary of driver-only coverage, grouped by families of key types.
Hash (key types: none)
- `test_psa_crypto_config_accel_hash`: all algs, default config, no parity
testing.
- `test_psa_crypto_config_accel_hash_use_psa`: all algs, full config, with
parity testing.
HMAC (key type: HMAC)
- `test_psa_crypto_config_accel_hmac`: all algs, full config except a few
exclusions (PKCS5, PKCS7, HMAC-DRBG, legacy HKDF, deterministic ECDSA), with
parity testing.
Cipher, AEAD and CMAC (key types: DES, AES, ARIA, CHACHA20, CAMELLIA):
- `test_psa_crypto_config_accel_cipher_aead_cmac`: all key types and algs, full
config with a few exclusions (NIST-KW), with parity testing.
- `test_psa_crypto_config_accel_des`: only DES (with all algs), full
config, no parity testing.
- `test_psa_crypto_config_accel_aead`: only AEAD algs (with all relevant key
types), full config, no parity testing.
Key derivation (key types: `DERIVE`, `RAW_DATA`, `PASSWORD`, `PEPPER`,
`PASSWORD_HASH`):
- No testing as we don't have driver support yet (see previous section).
RSA (key types: `RSA_KEY_PAIR_xxx`, `RSA_PUBLIC_KEY`):
- `test_psa_crypto_config_accel_rsa_crypto`: all 4 algs (encryption &
signature, v1.5 & v2.1), config `crypto_full`, with parity testing excluding
PK.
DH (key types: `DH_KEY_PAIR_xxx`, `DH_PUBLIC_KEY`):
- `test_psa_crypto_config_accel_ffdh`: all key types and algs, full config,
with parity testing.
- `test_psa_crypto_config_accel_ecc_ffdh_no_bignum`: with also bignum removed.
ECC (key types: `ECC_KEY_PAIR_xxx`, `ECC_PUBLIC_KEY`):
- Single algorithm accelerated (both key types, all curves):
- `test_psa_crypto_config_accel_ecdh`: default config, no parity testing.
- `test_psa_crypto_config_accel_ecdsa`: default config, no parity testing.
- `test_psa_crypto_config_accel_pake`: full config, no parity testing.
- All key types, algs and curves accelerated (full config with exceptions,
with parity testing):
- `test_psa_crypto_config_accel_ecc_ecp_light_only`: `ECP_C` mostly disabled
- `test_psa_crypto_config_accel_ecc_no_ecp_at_all`: `ECP_C` fully disabled
- `test_psa_crypto_config_accel_ecc_no_bignum`: `BIGNUM_C` disabled (DH disabled)
- `test_psa_crypto_config_accel_ecc_ffdh_no_bignum`: `BIGNUM_C` disabled (DH accelerated)
- Other - all algs accelerated but only some algs/curves (full config with
exceptions, no parity testing):
- `test_psa_crypto_config_accel_ecc_some_key_types`
- `test_psa_crypto_config_accel_ecc_non_weierstrass_curves`
- `test_psa_crypto_config_accel_ecc_weierstrass_curves`
Note: `analyze_outcomes.py` provides a list of test cases that are not
executed in any configuration tested on the CI. We're missing driver-only HMAC
testing, but no test is flagged as never executed there; this reveals we don't
have "fallback not available" cases for MAC, see #8565.
#### Test case coverage
Since `test_suite_psa_crypto_driver_wrappers.data` is maintained manually,
we need to make sure it exercises all the cases that need to be tested. In the
future, this file should be generated in order to ensure exhaustiveness.
In the meantime, one way to observe (lack of) completeness is to look at line
coverage in test driver implementaitons - this doesn't reveal all gaps, but it
does reveal cases where we thought about something when writing the test
driver, but not when writing test functions/data.
Key management:
- `mbedtls_test_transparent_generate_key()` is not tested with RSA keys.
- `mbedtls_test_transparent_import_key()` is not tested with DH keys.
- `mbedtls_test_opaque_import_key()` is not tested with unstructured keys nor
with RSA keys (nor DH keys since that's not implemented).
- `mbedtls_test_opaque_export_key()` is not tested with non-built-in keys.
- `mbedtls_test_transparent_export_public_key()` is not tested with RSA or DH keys.
- `mbedtls_test_opaque_export_public_key()` is not tested with non-built-in keys.
- `mbedtls_test_opaque_copy_key()` is not tested at all.
Hash:
- `mbedtls_test_transparent_hash_finish()` is not tested with a forced status.
MAC:
- The following are not tested with a forced status:
- `mbedtls_test_transparent_mac_sign_setup()`
- `mbedtls_test_transparent_mac_verify_setup()`
- `mbedtls_test_transparent_mac_update()`
- `mbedtls_test_transparent_mac_verify_finish()`
- `mbedtls_test_transparent_mac_abort()`
- No opaque entry point is tested (they're not implemented either).
Cipher:
- The following are not tested with a forced status nor with a forced output:
- `mbedtls_test_transparent_cipher_encrypt()`
- `mbedtls_test_transparent_cipher_finish()`
- No opaque entry point is tested (they're not implemented either).
AEAD:
- The following are not tested with a forced status:
- `mbedtls_test_transparent_aead_set_nonce()`
- `mbedtls_test_transparent_aead_set_lengths()`
- `mbedtls_test_transparent_aead_update_ad()`
- `mbedtls_test_transparent_aead_update()`
- `mbedtls_test_transparent_aead_finish()`
- `mbedtls_test_transparent_aead_verify()`
- `mbedtls_test_transparent_aead_verify()` is not tested with an invalid tag
(though it might be in another test suite).
Signature:
- `sign_hash()` is not tested with RSA-PSS
- No opaque entry point is tested (they're not implemented either).
Key agreement:
- `mbedtls_test_transparent_key_agreement()` is not tested with FFDH.
- No opaque entry point is tested (they're not implemented either).
PAKE:
- All lines are covered.

5
docs/driver-only-builds.md
View File

@ -277,6 +277,11 @@ The same holds for the associated algorithm:
`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
removing builtin support (i.e. `MBEDTLS_DHM_C`).
Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the
Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer
of Mbed TLS only supports DHE cipher suites if built-in FFDH
(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
RSA
---

9
docs/use-psa-crypto.md
View File

@ -75,13 +75,8 @@ operations and its public part can be exported.
**Benefits:** isolation of long-term secrets, use of PSA Crypto drivers.
**Limitations:** can only wrap a key pair, can only use it for private key
operations. (That is, signature generation, and for RSA decryption too.)
Note: for ECDSA, currently this uses randomized ECDSA while Mbed TLS uses
deterministic ECDSA by default. The following operations are not supported
with a context set this way, while they would be available with a normal
context: `mbedtls_pk_check_pair()`, `mbedtls_pk_debug()`, all public key
operations.
**Limitations:** please refer to the documentation of `mbedtls_pk_setup_opaque()`
for a full list of supported operations and limitations.
**Use in X.509 and TLS:** opt-in. The application needs to construct the PK context
using the new API in order to get the benefits; it can then pass the

4
doxygen/mbedtls.doxyfile
View File

@ -6,7 +6,7 @@ EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
CASE_SENSE_NAMES = NO
INPUT = ../include input ../tests/include/alt-dummy
INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy
FILE_PATTERNS = *.h
RECURSIVE = YES
EXCLUDE_SYMLINKS = YES
@ -21,7 +21,7 @@ GENERATE_LATEX = NO
GENERATE_XML = YES
MACRO_EXPANSION = YES
EXPAND_ONLY_PREDEF = YES
INCLUDE_PATH = ../include
INCLUDE_PATH = ../include ../tf-psa-crypto/include ../tf-psa-crypto/drivers/builtin/include
EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
CLASS_DIAGRAMS = NO
HAVE_DOT = YES

2
framework

@ -1 +1 @@
Subproject commit 750634d3a51eb9d61b59fd5d801546927c946588
Subproject commit 29e8dce54a1041e22489f713cc8c44f700fafcec

7
include/CMakeLists.txt
View File

@ -3,20 +3,13 @@ option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
if(INSTALL_MBEDTLS_HEADERS)
file(GLOB headers "mbedtls/*.h")
file(GLOB psa_headers "psa/*.h")
install(FILES ${headers}
DESTINATION include/mbedtls
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
install(FILES ${psa_headers}
DESTINATION include/psa
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endif(INSTALL_MBEDTLS_HEADERS)
# Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it.
if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
link_to_source(psa)
endif()

22
include/mbedtls/build_info.h
View File

@ -101,6 +101,13 @@
#define inline __inline
#endif
#if defined(MBEDTLS_CONFIG_FILES_READ)
#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!"
#endif
#if defined(MBEDTLS_CONFIG_IS_FINALIZED)
#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!"
#endif
/* X.509, TLS and non-PSA crypto configuration */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
@ -135,6 +142,12 @@
#endif
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
/* Indicate that all configuration files have been read.
* It is now time to adjust the configuration (follow through on dependencies,
* make PSA and legacy crypto consistent, etc.).
*/
#define MBEDTLS_CONFIG_FILES_READ
/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
* to ensure a 128-bit key size in CTR_DRBG.
@ -169,8 +182,13 @@
#include "mbedtls/config_adjust_ssl.h"
/* Make sure all configuration symbols are set before including check_config.h,
* even the ones that are calculated programmatically. */
/* Indicate that all configuration symbols are set,
* even the ones that are calculated programmatically.
* It is now safe to query the configuration (to check it, to size buffers,
* etc.).
*/
#define MBEDTLS_CONFIG_IS_FINALIZED
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_BUILD_INFO_H */

14
include/mbedtls/check_config.h
View File

@ -2,6 +2,13 @@
* \file check_config.h
*
* \brief Consistency checks for configuration options
*
* This is an internal header. Do not include it directly.
*
* This header is included automatically by all public Mbed TLS headers
* (via mbedtls/build_info.h). Do not include it directly in a configuration
* file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE!
* It would run at the wrong time due to missing derived symbols.
*/
/*
* Copyright The Mbed TLS Contributors
@ -12,6 +19,13 @@
#define MBEDTLS_CHECK_CONFIG_H
/* *INDENT-OFF* */
#if !defined(MBEDTLS_CONFIG_IS_FINALIZED)
#warning "Do not include mbedtls/check_config.h manually! " \
"This may cause spurious errors. " \
"It is included automatically at the right point since Mbed TLS 3.0."
#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.

21
include/mbedtls/config_adjust_legacy_crypto.h
View File

@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_legacy_crypto.h
* \brief Adjust legacy configuration configuration
*
* This is an internal header. Do not include it directly.
*
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
@ -22,6 +24,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
#if !defined(MBEDTLS_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
"it from your configuration file: since Mbed TLS 3.0, it is included " \
"automatically at the right point."
#endif /* */
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
*
@ -48,7 +58,8 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
#define MBEDTLS_CIPHER_C
#endif
@ -293,6 +304,14 @@
#define MBEDTLS_ECP_LIGHT
#endif
/* Backward compatibility: after #8740 the RSA module offers functions to parse
* and write RSA private/public keys without relying on the PK one. Of course
* this needs ASN1 support to do so, so we enable it here. */
#if defined(MBEDTLS_RSA_C)
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#endif
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
* in previous version compressed points were automatically supported as long
* as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward

10
include/mbedtls/config_adjust_psa_from_legacy.h
View File

@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_psa_from_legacy.h
* \brief Adjust PSA configuration: construct PSA configuration from legacy
*
* This is an internal header. Do not include it directly.
*
* When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
* cryptographic mechanisms through the PSA interface when the corresponding
* legacy mechanism is enabled. In many cases, this just enables the PSA
@ -18,6 +20,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
#if !defined(MBEDTLS_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
"it from your configuration file: since Mbed TLS 3.0, it is included " \
"automatically at the right point."
#endif /* */
/*
* Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
* is not defined

10
include/mbedtls/config_adjust_ssl.h
View File

@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_ssl.h
* \brief Adjust TLS configuration
*
* This is an internal header. Do not include it directly.
*
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
@ -22,6 +24,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
#define MBEDTLS_CONFIG_ADJUST_SSL_H
#if !defined(MBEDTLS_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
"it from your configuration file: since Mbed TLS 3.0, it is included " \
"automatically at the right point."
#endif /* */
/* The following blocks make it easier to disable all of TLS,
* or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
* key exchanges, options and extensions related to them. */

10
include/mbedtls/config_adjust_x509.h
View File

@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_x509.h
* \brief Adjust X.509 configuration
*
* This is an internal header. Do not include it directly.
*
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
@ -22,4 +24,12 @@
#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
#define MBEDTLS_CONFIG_ADJUST_X509_H
#if !defined(MBEDTLS_CONFIG_FILES_READ)
#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
"up to and including runtime errors such as buffer overflows. " \
"If you're trying to fix a complaint from check_config.h, just remove " \
"it from your configuration file: since Mbed TLS 3.0, it is included " \
"automatically at the right point."
#endif /* */
#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */

16
include/mbedtls/mbedtls_config.h
View File

@ -40,12 +40,10 @@
* library/aria.c
* library/bn_mul.h
* library/constant_time.c
* library/padlock.h
*
* Required by:
* MBEDTLS_AESCE_C
* MBEDTLS_AESNI_C (on some platforms)
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/
@ -3010,20 +3008,6 @@
*/
#define MBEDTLS_OID_C
/**
* \def MBEDTLS_PADLOCK_C
*
* Enable VIA Padlock support on x86.
*
* Module: library/padlock.c
* Caller: library/aes.c
*
* Requires: MBEDTLS_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
*/
#define MBEDTLS_PADLOCK_C
/**
* \def MBEDTLS_PEM_PARSE_C
*

60
include/mbedtls/ssl.h
View File

@ -644,7 +644,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \
defined(MBEDTLS_MD_CAN_SHA384)
defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
#else
#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
@ -1156,7 +1156,7 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
#elif defined(MBEDTLS_MD_CAN_SHA384)
#elif defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
#elif defined(MBEDTLS_MD_CAN_SHA1)
@ -2364,7 +2364,7 @@ int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
*/
int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl,
int *enabled,
unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX],
size_t *own_cid_len);
/**
@ -3216,16 +3216,16 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
* a full handshake.
*
* \note This function can handle a variety of mechanisms for session
* resumption: For TLS 1.2, both session ID-based resumption and
* ticket-based resumption will be considered. For TLS 1.3,
* once implemented, sessions equate to tickets, and loading
* one or more sessions via this call will lead to their
* corresponding tickets being advertised as resumption PSKs
* by the client.
*
* \note Calling this function multiple times will only be useful
* once TLS 1.3 is supported. For TLS 1.2 connections, this
* function should be called at most once.
* resumption: For TLS 1.2, both session ID-based resumption
* and ticket-based resumption will be considered. For TLS 1.3,
* sessions equate to tickets, and loading one session by
* calling this function will lead to its corresponding ticket
* being advertised as resumption PSK by the client. This
* depends on session tickets being enabled (see
* #MBEDTLS_SSL_SESSION_TICKETS configuration option) though.
* If session tickets are disabled, a call to this function
* with a TLS 1.3 session, will not have any effect on the next
* handshake for the SSL context \p ssl.
*
* \param ssl The SSL context representing the connection which should
* be attempted to be setup using session resumption. This
@ -3240,9 +3240,10 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
*
* \return \c 0 if successful.
* \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
* could not be loaded because of an implementation limitation.
* This error is non-fatal, and has no observable effect on
* the SSL context or the session that was attempted to be loaded.
* could not be loaded because one session has already been
* loaded. This error is non-fatal, and has no observable
* effect on the SSL context or the session that was attempted
* to be loaded.
* \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_get_session()
@ -3309,8 +3310,16 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
* to determine the necessary size by calling this function
* with \p buf set to \c NULL and \p buf_len to \c 0.
*
* \note For TLS 1.3 sessions, this feature is supported only if the
* MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled,
* as in TLS 1.3 session resumption is possible only with
* tickets.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the
* MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled
* and the session is a TLS 1.3 session.
*/
int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
unsigned char *buf,
@ -4837,23 +4846,16 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl
* \note This function can handle a variety of mechanisms for session
* resumption: For TLS 1.2, both session ID-based resumption and
* ticket-based resumption will be considered. For TLS 1.3,
* once implemented, sessions equate to tickets, and calling
* this function multiple times will export the available
* tickets one a time until no further tickets are available,
* in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
* be returned.
*
* \note Calling this function multiple times will only be useful
* once TLS 1.3 is supported. For TLS 1.2 connections, this
* function should be called at most once.
* sessions equate to tickets, and if session tickets are
* enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration
* option), this function exports the last received ticket and
* the exported session may be used to resume the TLS 1.3
* session. If session tickets are disabled, exported sessions
* cannot be used to resume a TLS 1.3 session.
*
* \return \c 0 if successful. In this case, \p session can be used for
* session resumption by passing it to mbedtls_ssl_set_session(),
* and serialized for storage via mbedtls_ssl_session_save().
* \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
* is available for export.
* This error is a non-fatal, and has no observable effect on
* the SSL context or the destination session.
* \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_set_session()

24
library/CMakeLists.txt
View File

@ -53,7 +53,6 @@ set(src_crypto
memory_buffer_alloc.c
nist_kw.c
oid.c
padlock.c
pem.c
pk.c
pk_ecc.c
@ -130,19 +129,22 @@ set(src_tls
if(GEN_FILES)
find_package(Perl REQUIRED)
file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls/*.h)
file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/error.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
${CMAKE_CURRENT_BINARY_DIR}/error.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${error_headers}
${crypto_error_headers}
${tls_error_headers}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt
)
@ -171,7 +173,7 @@ if(GEN_FILES)
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
${error_headers}
${tls_error_headers}
)
add_custom_command(
@ -220,11 +222,13 @@ if(WIN32)
set(libs ${libs} ws2_32 bcrypt)
endif(WIN32)
if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
SET(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
SET(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
SET(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
if(CMAKE_C_COMPILER_ID MATCHES "AppleClang")
set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
endif()
if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang")
set(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
set(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
endif()
if(HAIKU)
@ -327,6 +331,8 @@ foreach(target IN LISTS target_libraries)
# of /library (which currently means: under /3rdparty).
target_include_directories(${target}
PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include/>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include/>
$<INSTALL_INTERFACE:include/>
PRIVATE ${MBEDTLS_DIR}/library/
# Needed to include psa_crypto_driver_wrappers.h

11
library/Makefile
View File

@ -28,11 +28,13 @@ CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
# Include ../include for public headers and . for private headers.
# Note that . needs to be included explicitly for the sake of library
# files that are not in the /library directory (which currently means
# Include ../include, ../tf-psa-crypto/include and
# ../tf-psa-crypto/drivers/builtin/include for public headers and . for
# private headers. Note that . needs to be included explicitly for the sake of
# library files that are not in the /library directory (which currently means
# under /3rdparty).
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include \
-I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
@ -145,7 +147,6 @@ OBJS_CRYPTO= \
memory_buffer_alloc.o \
nist_kw.o \
oid.o \
padlock.o \
pem.o \
pk.o \
pk_ecc.o \

70
library/aes.c
View File

@ -30,21 +30,6 @@
#endif
#endif
#if defined(MBEDTLS_ARCH_IS_X86)
#if defined(MBEDTLS_PADLOCK_C)
#if !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \
"MBEDTLS_PADLOCK_C is set"
#endif
#endif
#endif
#if defined(MBEDTLS_PADLOCK_C)
#include "padlock.h"
#endif
#if defined(MBEDTLS_AESNI_C)
#include "aesni.h"
#endif
@ -67,10 +52,6 @@
#if !defined(MBEDTLS_AES_ALT)
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
static int aes_padlock_ace = -1;
#endif
#if defined(MBEDTLS_AES_ROM_TABLES)
/*
* Forward S-box
@ -527,8 +508,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
#define MAY_NEED_TO_ALIGN
#endif
@ -537,15 +517,6 @@ MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
if (aes_padlock_ace) {
align_16_bytes = 1;
}
#endif
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
align_16_bytes = 1;
@ -1000,13 +971,15 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/* VIA Padlock and our intrinsics-based implementation of AESNI require
* the round keys to be aligned on a 16-byte boundary. We take care of this
* before creating them, but the AES context may have moved (this can happen
* if the library is called from a language with managed memory), and in later
* calls it might have a different alignment with respect to 16-byte memory.
* So we may need to realign.
/*
* Our intrinsics-based implementation of AESNI requires the round keys to be
* aligned on a 16-byte boundary. We take care of this before creating them,
* but the AES context may have moved (this can happen if the library is
* called from a language with managed memory), and in later calls it might
* have a different alignment with respect to 16-byte memory. So we may need
* to realign.
*/
#if defined(MAY_NEED_TO_ALIGN)
MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
{
unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
@ -1017,7 +990,7 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
ctx->rk_offset = new_offset;
}
}
#endif /* MAY_NEED_TO_ALIGN */
/*
* AES-ECB block encryption/decryption
*/
@ -1046,12 +1019,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
}
#endif
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace > 0) {
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
}
#endif
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_DECRYPT) {
@ -1092,18 +1059,6 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace > 0) {
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
return 0;
}
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
}
#endif
const unsigned char *ivp = iv;
if (mode == MBEDTLS_AES_DECRYPT) {
@ -1860,11 +1815,6 @@ int mbedtls_aes_self_test(int verbose)
mbedtls_printf(" AES note: using AESNI.\n");
} else
#endif
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
#endif
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");

4
library/block_cipher.c
View File

@ -51,6 +51,10 @@ static int mbedtls_cipher_error_from_psa(psa_status_t status)
void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx)
{
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) {
psa_destroy_key(ctx->psa_key_id);

3
library/cipher.c
View File

@ -849,6 +849,9 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len,
}
padding_len = input[input_len - 1];
if (padding_len == 0 || padding_len > input_len) {
return MBEDTLS_ERR_CIPHER_INVALID_PADDING;
}
*data_len = input_len - padding_len;
mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len);

4
library/entropy.c
View File

@ -61,6 +61,10 @@ void mbedtls_entropy_init(mbedtls_entropy_context *ctx)
void mbedtls_entropy_free(mbedtls_entropy_context *ctx)
{
if (ctx == NULL) {
return;
}
/* If the context was already free, don't call free() again.
* This is important for mutexes which don't allow double-free. */
if (ctx->accumulator_started == -1) {

4
library/entropy_poll.c
View File

@ -5,10 +5,12 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
#if defined(__linux__) || defined(__midipix__)
/* Ensure that syscall() is available even when compiling with -std=c99 */
#if !defined(_GNU_SOURCE)
#define _GNU_SOURCE
#endif
#endif
#include "common.h"

8
library/lmots.c
View File

@ -387,6 +387,10 @@ void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx)
void mbedtls_lmots_public_free(mbedtls_lmots_public_t *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(*ctx));
}
@ -556,6 +560,10 @@ void mbedtls_lmots_private_init(mbedtls_lmots_private_t *ctx)
void mbedtls_lmots_private_free(mbedtls_lmots_private_t *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx,
sizeof(*ctx));
}

8
library/lms.c
View File

@ -229,6 +229,10 @@ void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)
void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_platform_zeroize(ctx, sizeof(*ctx));
}
@ -528,6 +532,10 @@ void mbedtls_lms_private_init(mbedtls_lms_private_t *ctx)
void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx)
{
if (ctx == NULL) {
return;
}
unsigned int idx;
if (ctx->have_private_key) {

38
library/md.c
View File

@ -41,7 +41,7 @@
#include "mbedtls/sha512.h"
#include "mbedtls/sha3.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include <psa/crypto.h>
#include "md_psa.h"
#include "psa_util_internal.h"
@ -76,7 +76,7 @@ static const mbedtls_md_info_t mbedtls_md5_info = {
};
#endif
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#if defined(PSA_WANT_ALG_RIPEMD160)
static const mbedtls_md_info_t mbedtls_ripemd160_info = {
MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64)
};
@ -88,7 +88,7 @@ static const mbedtls_md_info_t mbedtls_sha1_info = {
};
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
static const mbedtls_md_info_t mbedtls_sha224_info = {
MD_INFO(MBEDTLS_MD_SHA224, 28, 64)
};
@ -100,7 +100,7 @@ static const mbedtls_md_info_t mbedtls_sha256_info = {
};
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
static const mbedtls_md_info_t mbedtls_sha384_info = {
MD_INFO(MBEDTLS_MD_SHA384, 48, 128)
};
@ -130,7 +130,7 @@ static const mbedtls_md_info_t mbedtls_sha3_384_info = {
};
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_512)
#if defined(PSA_WANT_ALG_SHA3_512)
static const mbedtls_md_info_t mbedtls_sha3_512_info = {
MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
};
@ -143,7 +143,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
case MBEDTLS_MD_MD5:
return &mbedtls_md5_info;
#endif
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#if defined(PSA_WANT_ALG_RIPEMD160)
case MBEDTLS_MD_RIPEMD160:
return &mbedtls_ripemd160_info;
#endif
@ -151,7 +151,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
case MBEDTLS_MD_SHA1:
return &mbedtls_sha1_info;
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_MD_SHA224:
return &mbedtls_sha224_info;
#endif
@ -159,7 +159,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
case MBEDTLS_MD_SHA256:
return &mbedtls_sha256_info;
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return &mbedtls_sha384_info;
#endif
@ -179,7 +179,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
case MBEDTLS_MD_SHA3_384:
return &mbedtls_sha3_384_info;
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_512)
#if defined(PSA_WANT_ALG_SHA3_512)
case MBEDTLS_MD_SHA3_512:
return &mbedtls_sha3_512_info;
#endif
@ -761,13 +761,13 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
return md_info->type;
}
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
int mbedtls_md_error_from_psa(psa_status_t status)
{
return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
psa_generic_status_to_mbedtls);
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/************************************************************************
@ -785,14 +785,14 @@ static const int supported_digests[] = {
MBEDTLS_MD_SHA512,
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_MD_SHA384,
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_MD_SHA256,
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
MBEDTLS_MD_SHA224,
#endif
@ -800,7 +800,7 @@ static const int supported_digests[] = {
MBEDTLS_MD_SHA1,
#endif
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#if defined(PSA_WANT_ALG_RIPEMD160)
MBEDTLS_MD_RIPEMD160,
#endif
@ -820,7 +820,7 @@ static const int supported_digests[] = {
MBEDTLS_MD_SHA3_384,
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_512)
#if defined(PSA_WANT_ALG_SHA3_512)
MBEDTLS_MD_SHA3_512,
#endif
@ -841,20 +841,20 @@ static const md_name_entry md_names[] = {
#if defined(MBEDTLS_MD_CAN_MD5)
{ "MD5", MBEDTLS_MD_MD5 },
#endif
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#if defined(PSA_WANT_ALG_RIPEMD160)
{ "RIPEMD160", MBEDTLS_MD_RIPEMD160 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA1)
{ "SHA1", MBEDTLS_MD_SHA1 },
{ "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
{ "SHA224", MBEDTLS_MD_SHA224 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
{ "SHA256", MBEDTLS_MD_SHA256 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ "SHA384", MBEDTLS_MD_SHA384 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA512)
@ -869,7 +869,7 @@ static const md_name_entry md_names[] = {
#if defined(MBEDTLS_MD_CAN_SHA3_384)
{ "SHA3-384", MBEDTLS_MD_SHA3_384 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_512)
#if defined(PSA_WANT_ALG_SHA3_512)
{ "SHA3-512", MBEDTLS_MD_SHA3_512 },
#endif
{ NULL, MBEDTLS_MD_NONE },

2
library/net_sockets.c
View File

@ -683,7 +683,7 @@ void mbedtls_net_close(mbedtls_net_context *ctx)
*/
void mbedtls_net_free(mbedtls_net_context *ctx)
{
if (ctx->fd == -1) {
if (ctx == NULL || ctx->fd == -1) {
return;
}

4
library/nist_kw.c
View File

@ -102,6 +102,10 @@ int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
*/
void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_cipher_free(&ctx->cipher_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context));
}

38
library/oid.c
View File

@ -391,13 +391,13 @@ static const oid_sig_alg_t oid_sig_alg[] =
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption",
"RSA with SHA-224"),
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD_CAN_SHA224 */
#endif /* PSA_WANT_ALG_SHA_224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption",
@ -405,13 +405,13 @@ static const oid_sig_alg_t oid_sig_alg[] =
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption",
"RSA with SHA-384"),
MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption",
@ -433,7 +433,7 @@ static const oid_sig_alg_t oid_sig_alg[] =
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"),
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
@ -445,12 +445,12 @@ static const oid_sig_alg_t oid_sig_alg[] =
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"),
MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"),
@ -731,7 +731,7 @@ static const oid_md_alg_t oid_md_alg[] =
MBEDTLS_MD_SHA1,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"),
MBEDTLS_MD_SHA224,
@ -743,7 +743,7 @@ static const oid_md_alg_t oid_md_alg[] =
MBEDTLS_MD_SHA256,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"),
MBEDTLS_MD_SHA384,
@ -755,7 +755,7 @@ static const oid_md_alg_t oid_md_alg[] =
MBEDTLS_MD_SHA512,
},
#endif
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#if defined(PSA_WANT_ALG_RIPEMD160)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
MBEDTLS_MD_RIPEMD160,
@ -779,7 +779,7 @@ static const oid_md_alg_t oid_md_alg[] =
MBEDTLS_MD_SHA3_384,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_512)
#if defined(PSA_WANT_ALG_SHA3_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"),
MBEDTLS_MD_SHA3_512,
@ -815,24 +815,24 @@ static const oid_md_hmac_t oid_md_hmac[] =
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_MD_CAN_SHA1 */
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
MBEDTLS_MD_SHA224,
},
#endif /* MBEDTLS_MD_CAN_SHA224 */
#endif /* PSA_WANT_ALG_SHA_224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
MBEDTLS_MD_SHA256,
},
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"),
MBEDTLS_MD_SHA384,
},
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"),
@ -857,18 +857,18 @@ static const oid_md_hmac_t oid_md_hmac[] =
MBEDTLS_MD_SHA3_384,
},
#endif /* MBEDTLS_MD_CAN_SHA3_384 */
#if defined(MBEDTLS_MD_CAN_SHA3_512)
#if defined(PSA_WANT_ALG_SHA3_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"),
MBEDTLS_MD_SHA3_512,
},
#endif /* MBEDTLS_MD_CAN_SHA3_512 */
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#endif /* PSA_WANT_ALG_SHA3_512 */
#if defined(PSA_WANT_ALG_RIPEMD160)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"),
MBEDTLS_MD_RIPEMD160,
},
#endif /* MBEDTLS_MD_CAN_RIPEMD160 */
#endif /* PSA_WANT_ALG_RIPEMD160 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,

157
library/padlock.c
View File

@ -1,157 +0,0 @@
/*
* VIA PadLock support functions
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* This implementation is based on the VIA PadLock Programming Guide:
*
* http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
* programming_guide.pdf
*/
#include "common.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "padlock.h"
#include <string.h>
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
*/
int mbedtls_padlock_has_support(int feature)
{
static int flags = -1;
int ebx = 0, edx = 0;
if (flags == -1) {
asm ("movl %%ebx, %0 \n\t"
"movl $0xC0000000, %%eax \n\t"
"cpuid \n\t"
"cmpl $0xC0000001, %%eax \n\t"
"movl $0, %%edx \n\t"
"jb 1f \n\t"
"movl $0xC0000001, %%eax \n\t"
"cpuid \n\t"
"1: \n\t"
"movl %%edx, %1 \n\t"
"movl %2, %%ebx \n\t"
: "=m" (ebx), "=m" (edx)
: "m" (ebx)
: "eax", "ecx", "edx");
flags = edx;
}
return flags & feature;
}
/*
* PadLock AES-ECB block en(de)cryption
*/
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16])
{
int ebx = 0;
uint32_t *rk;
uint32_t *blk;
uint32_t *ctrl;
unsigned char buf[256];
rk = ctx->buf + ctx->rk_offset;
if (((long) rk & 15) != 0) {
return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
}
blk = MBEDTLS_PADLOCK_ALIGN16(buf);
memcpy(blk, input, 16);
ctrl = blk + 4;
*ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
asm ("pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl $1, %%ecx \n\t"
"movl %2, %%edx \n\t"
"movl %3, %%ebx \n\t"
"movl %4, %%esi \n\t"
"movl %4, %%edi \n\t"
".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
: "memory", "ecx", "edx", "esi", "edi");
memcpy(output, blk, 16);
return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* PadLock AES-CBC buffer en(de)cryption
*/
int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output)
{
int ebx = 0;
size_t count;
uint32_t *rk;
uint32_t *iw;
uint32_t *ctrl;
unsigned char buf[256];
rk = ctx->buf + ctx->rk_offset;
if (((long) input & 15) != 0 ||
((long) output & 15) != 0 ||
((long) rk & 15) != 0) {
return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
}
iw = MBEDTLS_PADLOCK_ALIGN16(buf);
memcpy(iw, iv, 16);
ctrl = iw + 4;
*ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
count = (length + 15) >> 4;
asm ("pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl %2, %%ecx \n\t"
"movl %3, %%edx \n\t"
"movl %4, %%ebx \n\t"
"movl %5, %%esi \n\t"
"movl %6, %%edi \n\t"
"movl %7, %%eax \n\t"
".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (count), "m" (ctrl),
"m" (rk), "m" (input), "m" (output), "m" (iw)
: "memory", "eax", "ecx", "edx", "esi", "edi");
memcpy(iv, iw, 16);
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */

111
library/padlock.h
View File

@ -1,111 +0,0 @@
/**
* \file padlock.h
*
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
* processors
*
* \warning These functions are only for internal use by other library
* functions; you must not call them directly.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
#include "mbedtls/build_info.h"
#include "mbedtls/aes.h"
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
#define MBEDTLS_HAVE_ASAN
#endif
#endif
/*
* - `padlock` is implements with GNUC assembly for x86 target.
* - Some versions of ASan result in errors about not enough registers.
*/
#if defined(MBEDTLS_PADLOCK_C) && \
defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
defined(MBEDTLS_HAVE_ASM) && \
!defined(MBEDTLS_HAVE_ASAN)
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
#include <stdint.h>
#define MBEDTLS_PADLOCK_RNG 0x000C
#define MBEDTLS_PADLOCK_ACE 0x00C0
#define MBEDTLS_PADLOCK_PHE 0x0C00
#define MBEDTLS_PADLOCK_PMM 0x3000
#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Internal PadLock detection routine
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
*
* \param feature The feature to detect
*
* \return non-zero if CPU has support for the feature, 0 otherwise
*/
int mbedtls_padlock_has_support(int feature);
/**
* \brief Internal PadLock AES-ECB block en(de)cryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param input 16-byte input block
* \param output 16-byte output block
*
* \return 0 if success, 1 if operation failed
*/
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16]);
/**
* \brief Internal PadLock AES-CBC buffer en(de)cryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if success, 1 if operation failed
*/
int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#ifdef __cplusplus
}
#endif
#endif /* HAVE_X86 */
#endif /* padlock.h */

4
library/pem.c
View File

@ -481,6 +481,10 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free(mbedtls_pem_context *ctx)
{
if (ctx == NULL) {
return;
}
if (ctx->buf != NULL) {
mbedtls_zeroize_and_free(ctx->buf, ctx->buflen);
}

46
library/pk.c
View File

@ -868,7 +868,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
psa_status_t status;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
psa_algorithm_t alg_type;
size_t key_bits;
/* Use a buffer size large enough to contain either a key pair or public key. */
unsigned char exp_key[PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE];
@ -899,7 +898,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
}
key_bits = psa_get_key_bits(&key_attr);
alg_type = psa_get_key_algorithm(&key_attr);
#if defined(MBEDTLS_RSA_C)
if ((key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) ||
@ -919,6 +917,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
goto exit;
}
psa_algorithm_t alg_type = psa_get_key_algorithm(&key_attr);
mbedtls_md_type_t md_type = MBEDTLS_MD_NONE;
if (PSA_ALG_GET_HASH(alg_type) != PSA_ALG_ANY_HASH) {
md_type = mbedtls_md_type_from_psa_alg(alg_type);
@ -968,6 +967,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
{
(void) key_bits;
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@ -1327,43 +1327,19 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
}
if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) {
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t psa_alg, sign_alg;
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_algorithm_t psa_enrollment_alg;
#endif /* MBEDTLS_PSA_CRYPTO_C */
psa_status_t status;
status = psa_get_key_attributes(ctx->priv_id, &key_attr);
if (status != PSA_SUCCESS) {
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
}
psa_alg = psa_get_key_algorithm(&key_attr);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr);
#endif /* MBEDTLS_PSA_CRYPTO_C */
psa_reset_key_attributes(&key_attr);
/* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between
* alg and enrollment alg should be of type RSA_PSS. */
if (PSA_ALG_IS_RSA_PSS(psa_alg)) {
sign_alg = psa_alg;
}
#if defined(MBEDTLS_PSA_CRYPTO_C)
else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) {
sign_alg = psa_enrollment_alg;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
else {
/* The opaque key has no RSA PSS algorithm associated. */
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* Adjust the hashing algorithm. */
sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg);
status = psa_sign_hash(ctx->priv_id, sign_alg,
/* PSA_ALG_RSA_PSS() behaves the same as PSA_ALG_RSA_PSS_ANY_SALT() when
* performing a signature, but they are encoded differently. Instead of
* extracting the proper one from the wrapped key policy, just try both. */
status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg),
hash, hash_len,
sig, sig_size, sig_len);
if (status == PSA_ERROR_NOT_PERMITTED) {
status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg),
hash, hash_len,
sig, sig_size, sig_len);
}
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
}

15
library/psa_crypto.c
View File

@ -1835,6 +1835,9 @@ static psa_status_t psa_start_key_creation(
status = psa_copy_key_material_into_slot(
slot, (uint8_t *) (&slot_number), sizeof(slot_number));
if (status != PSA_SUCCESS) {
return status;
}
}
if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
@ -4628,11 +4631,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
goto exit;
}
if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
} else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@ -5194,6 +5193,12 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
goto exit;
}
/* No input to add (zero length), nothing to do. */
if (input_length == 0) {
status = PSA_SUCCESS;
goto exit;
}
if (operation->lengths_set) {
if (operation->ad_remaining < input_length) {
status = PSA_ERROR_INVALID_ARGUMENT;

2
library/psa_crypto_cipher.c
View File

@ -263,7 +263,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
{
mbedtls_cipher_mode_t mode;
psa_status_t status;
mbedtls_cipher_id_t cipher_id_tmp;
mbedtls_cipher_id_t cipher_id_tmp = MBEDTLS_CIPHER_ID_NONE;
status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
if (status != PSA_SUCCESS) {

5
library/psa_crypto_slot_management.c
View File

@ -424,6 +424,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
if (status != PSA_SUCCESS) {
psa_wipe_key_slot(*p_slot);
/* If the key does not exist, we need to return
* PSA_ERROR_INVALID_HANDLE. */
if (status == PSA_ERROR_DOES_NOT_EXIST) {
status = PSA_ERROR_INVALID_HANDLE;
}
@ -440,6 +442,9 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
status = PSA_ERROR_INVALID_HANDLE;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
if (status != PSA_SUCCESS) {
*p_slot = NULL;
}
#if defined(MBEDTLS_THREADING_C)
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
&mbedtls_threading_key_slot_mutex));

3
library/psa_crypto_slot_management.h
View File

@ -58,6 +58,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id)
* It is the responsibility of the caller to call psa_unregister_read(slot)
* when they have finished reading the contents of the slot.
*
* On failure, `*p_slot` is set to NULL. This ensures that it is always valid
* to call psa_unregister_read on the returned slot.
*
* \param key Key identifier to query.
* \param[out] p_slot On success, `*p_slot` contains a pointer to the
* key slot containing the description of the key

2
library/sha256.c
View File

@ -44,7 +44,9 @@
#endif /* defined(__clang__) && (__clang_major__ >= 4) */
/* Ensure that SIG_SETMASK is defined when -std=c99 is used. */
#if !defined(_GNU_SOURCE)
#define _GNU_SOURCE
#endif
#include "common.h"

178
library/ssl_ciphersuites.c
View File

@ -282,13 +282,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_SSL_HAVE_GCM)
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
0,
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
@ -410,7 +410,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@ -423,7 +423,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@ -453,13 +453,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -470,13 +470,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -518,7 +518,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@ -531,7 +531,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_AES */
#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
@ -543,13 +543,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -560,13 +560,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -582,13 +582,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA384) && \
#if defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -678,12 +678,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -691,13 +691,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_MD_CAN_SHA384) && \
#if defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -788,12 +788,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -827,7 +827,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@ -840,7 +840,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_AES */
#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
@ -852,13 +852,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -869,13 +869,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -917,7 +917,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@ -930,7 +930,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_AES */
#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
@ -942,13 +942,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -959,13 +959,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -989,12 +989,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_SSL_HAVE_CBC)
@ -1005,12 +1005,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
@ -1053,12 +1053,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -1069,12 +1069,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -1090,12 +1090,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_SSL_HAVE_CBC)
@ -1106,12 +1106,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
@ -1154,12 +1154,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -1170,12 +1170,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -1192,12 +1192,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
@ -1223,13 +1223,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -1245,12 +1245,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_SSL_HAVE_CBC)
@ -1261,12 +1261,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
@ -1291,12 +1291,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@ -1307,12 +1307,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@ -1368,12 +1368,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
@ -1391,12 +1391,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@ -1414,12 +1414,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
@ -1437,12 +1437,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
@ -1450,7 +1450,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
@ -1458,7 +1458,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
@ -1485,7 +1485,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@ -1493,7 +1493,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@ -1520,7 +1520,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
@ -1528,7 +1528,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
@ -1555,7 +1555,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@ -1563,7 +1563,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@ -1590,7 +1590,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@ -1598,7 +1598,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@ -1626,7 +1626,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
@ -1646,7 +1646,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@ -1654,7 +1654,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@ -1681,7 +1681,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@ -1689,7 +1689,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@ -1716,7 +1716,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@ -1724,7 +1724,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@ -1751,7 +1751,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@ -1759,7 +1759,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,

6
library/ssl_cookie.c
View File

@ -44,7 +44,7 @@ static int local_err_translation(psa_status_t status)
#define COOKIE_MD MBEDTLS_MD_SHA256
#define COOKIE_MD_OUTLEN 32
#define COOKIE_HMAC_LEN 28
#elif defined(MBEDTLS_MD_CAN_SHA384)
#elif defined(PSA_WANT_ALG_SHA_384)
#define COOKIE_MD MBEDTLS_MD_SHA384
#define COOKIE_MD_OUTLEN 48
#define COOKIE_HMAC_LEN 28
@ -84,6 +84,10 @@ void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long d
void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx)
{
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(ctx->psa_hmac_key);
#else

16
library/ssl_misc.h
View File

@ -288,7 +288,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* Ciphersuites using HMAC */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
#elif defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
@ -929,7 +929,7 @@ struct mbedtls_ssl_handshake_params {
mbedtls_md_context_t fin_sha256;
#endif
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha384_psa;
#else
@ -2433,10 +2433,10 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
break;
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
break;
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
break;
@ -2489,12 +2489,12 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
*md_alg = MBEDTLS_MD_SHA512;
@ -2527,7 +2527,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
break;
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_SSL_HASH_SHA224:
break;
#endif
@ -2537,7 +2537,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
break;
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
break;
#endif

33
library/ssl_msg.c
View File

@ -5570,9 +5570,9 @@ static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl)
static int ssl_tls13_is_new_session_ticket(mbedtls_ssl_context *ssl)
{
if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) ||
@ -5580,15 +5580,9 @@ static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl)
return 0;
}
ssl->keep_current_message = 1;
MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
mbedtls_ssl_handshake_set_state(ssl,
MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
return MBEDTLS_ERR_SSL_WANT_READ;
return 1;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_CLI_C */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
@ -5596,14 +5590,23 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(3, ("received post-handshake message"));
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_SSL_CLI_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
int ret = ssl_tls13_check_new_session_ticket(ssl);
if (ret != 0) {
return ret;
if (ssl_tls13_is_new_session_ticket(ssl)) {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
ssl->keep_current_message = 1;
mbedtls_ssl_handshake_set_state(ssl,
MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
return MBEDTLS_ERR_SSL_WANT_READ;
#else
MBEDTLS_SSL_DEBUG_MSG(3, ("Ignore NewSessionTicket, not supported."));
return 0;
#endif
}
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#endif /* MBEDTLS_SSL_CLI_C */
/* Fail in all other cases. */
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;

4
library/ssl_ticket.c
View File

@ -534,6 +534,10 @@ cleanup:
*/
void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
{
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(ctx->keys[0].key);
psa_destroy_key(ctx->keys[1].key);

114
library/ssl_tls.c
View File

@ -132,7 +132,7 @@ int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl,
int *enabled,
unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX],
size_t *own_cid_len)
{
*enabled = MBEDTLS_SSL_CID_DISABLED;
@ -436,7 +436,7 @@ static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *,
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384(const unsigned char *secret, size_t slen,
const char *label,
@ -445,7 +445,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen,
static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
#endif /* MBEDTLS_MD_CAN_SHA384*/
#endif /* PSA_WANT_ALG_SHA_384*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls12_session_load(mbedtls_ssl_session *session,
@ -459,9 +459,9 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char
static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif /* MBEDTLS_MD_CAN_SHA384*/
#endif /* PSA_WANT_ALG_SHA_384*/
int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
@ -473,11 +473,11 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
switch (prf) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_TLS_PRF_SHA384:
tls_prf = tls_prf_sha384;
break;
#endif /* MBEDTLS_MD_CAN_SHA384*/
#endif /* PSA_WANT_ALG_SHA_384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_SSL_TLS_PRF_SHA256:
tls_prf = tls_prf_sha256;
@ -784,7 +784,7 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
{
((void) ciphersuite_info);
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
} else
@ -831,7 +831,7 @@ int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_MD_CAN_SHA256) || \
defined(MBEDTLS_MD_CAN_SHA384)
defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
#else
@ -865,7 +865,7 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
}
#endif
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
@ -896,7 +896,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_MD_CAN_SHA256) || \
defined(MBEDTLS_MD_CAN_SHA384)
defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
#else
@ -920,7 +920,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
}
#endif
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
@ -949,7 +949,7 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
}
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
@ -973,7 +973,7 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
mbedtls_md_init(&handshake->fin_sha256);
#endif
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
#else
@ -1760,6 +1760,7 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
@ -1770,6 +1771,14 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session
session->ciphersuite));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
#else
/*
* If session tickets are not enabled, it is not possible to resume a
* TLS 1.3 session, thus do not make any change to the SSL context in
* the first place.
*/
return 0;
#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@ -2234,6 +2243,7 @@ static void ssl_remove_psk(mbedtls_ssl_context *ssl)
mbedtls_zeroize_and_free(ssl->handshake->psk,
ssl->handshake->psk_len);
ssl->handshake->psk_len = 0;
ssl->handshake->psk = NULL;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
@ -4049,7 +4059,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session,
}
static int ssl_tls13_session_load(const mbedtls_ssl_session *session,
unsigned char *buf,
const unsigned char *buf,
size_t buf_len)
{
((void) session);
@ -4792,7 +4802,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
mbedtls_md_free(&handshake->fin_sha256);
#endif
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha384_psa);
#else
@ -5661,7 +5671,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = {
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA384) && \
defined(PSA_WANT_ALG_SHA_384) && \
defined(PSA_WANT_ECC_SECP_R1_384)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
@ -5678,7 +5688,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA384)
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
#endif
@ -5690,9 +5700,9 @@ static const uint16_t ssl_preset_default_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA512 */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA384)
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
@ -5717,7 +5727,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#endif
#endif /* MBEDTLS_MD_CAN_SHA512 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
@ -5727,7 +5737,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#if defined(MBEDTLS_RSA_C)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
@ -5756,7 +5766,7 @@ static const uint16_t ssl_preset_suiteb_sig_algs[] = {
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA384) && \
defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
@ -5775,11 +5785,11 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
#endif
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
MBEDTLS_TLS_SIG_NONE
};
@ -6030,6 +6040,10 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
*/
void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
{
if (conf == NULL) {
return;
}
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi_free(&conf->dhm_P);
mbedtls_mpi_free(&conf->dhm_G);
@ -6126,7 +6140,7 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
case MBEDTLS_SSL_HASH_SHA1:
return MBEDTLS_MD_SHA1;
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_SSL_HASH_SHA224:
return MBEDTLS_MD_SHA224;
#endif
@ -6134,7 +6148,7 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash)
case MBEDTLS_SSL_HASH_SHA256:
return MBEDTLS_MD_SHA256;
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
return MBEDTLS_MD_SHA384;
#endif
@ -6161,7 +6175,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg(int md)
case MBEDTLS_MD_SHA1:
return MBEDTLS_SSL_HASH_SHA1;
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_MD_SHA224:
return MBEDTLS_SSL_HASH_SHA224;
#endif
@ -6169,7 +6183,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg(int md)
case MBEDTLS_MD_SHA256:
return MBEDTLS_SSL_HASH_SHA256;
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return MBEDTLS_SSL_HASH_SHA384;
#endif
@ -6423,7 +6437,7 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
*olen = 0;
switch (md) {
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
break;
@ -6450,7 +6464,7 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
}
exit:
#if !defined(MBEDTLS_MD_CAN_SHA384) && \
#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
#endif
@ -6458,7 +6472,7 @@ exit:
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
unsigned char *dst,
@ -6494,7 +6508,7 @@ exit:
mbedtls_md_free(&sha384);
return ret;
}
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_CHECK_RETURN_CRITICAL
@ -6542,10 +6556,10 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
{
switch (md) {
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
#endif /* MBEDTLS_MD_CAN_SHA384*/
#endif /* PSA_WANT_ALG_SHA_384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_MD_SHA256:
@ -6553,7 +6567,7 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_MD_CAN_SHA256*/
default:
#if !defined(MBEDTLS_MD_CAN_SHA384) && \
#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
(void) dst;
@ -6821,7 +6835,7 @@ static int tls_prf_generic(mbedtls_md_type_t md_type,
#if defined(MBEDTLS_MD_C) && \
(defined(MBEDTLS_MD_CAN_SHA256) || \
defined(MBEDTLS_MD_CAN_SHA384))
defined(PSA_WANT_ALG_SHA_384))
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic(mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
@ -6925,7 +6939,7 @@ exit:
return ret;
}
#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || MBEDTLS_MD_CAN_SHA384 ) */
#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || PSA_WANT_ALG_SHA_384 ) */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_MD_CAN_SHA256)
@ -6940,7 +6954,7 @@ static int tls_prf_sha256(const unsigned char *secret, size_t slen,
}
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384(const unsigned char *secret, size_t slen,
const char *label,
@ -6950,7 +6964,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen,
return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
label, random, rlen, dstbuf, dlen);
}
#endif /* MBEDTLS_MD_CAN_SHA384*/
#endif /* PSA_WANT_ALG_SHA_384*/
/*
* Set appropriate PRF function and other SSL / TLS1.2 functions
@ -6965,7 +6979,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake,
mbedtls_md_type_t hash)
{
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
if (hash == MBEDTLS_MD_SHA384) {
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
@ -7262,7 +7276,7 @@ int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl)
int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
{
switch (md) {
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
break;
@ -7275,7 +7289,7 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
default:
return -1;
}
#if !defined(MBEDTLS_MD_CAN_SHA384) && \
#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
#endif
@ -7369,7 +7383,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen)
@ -7382,7 +7396,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
hash, hlen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@ -8421,7 +8435,7 @@ static int ssl_calc_finished_tls_sha256(
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
@ -8435,7 +8449,7 @@ static int ssl_calc_finished_tls_sha384(
padbuf, sizeof(padbuf),
buf, from);
}
#endif /* MBEDTLS_MD_CAN_SHA384*/
#endif /* PSA_WANT_ALG_SHA_384*/
void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl)
{
@ -8728,7 +8742,7 @@ static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id)
{
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
return tls_prf_sha384;
} else
@ -8740,7 +8754,7 @@ static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id)
}
}
#endif
#if !defined(MBEDTLS_MD_CAN_SHA384) && \
#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ciphersuite_info;
#endif
@ -8752,7 +8766,7 @@ static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id)
static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf)
{
((void) tls_prf);
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
if (tls_prf == tls_prf_sha384) {
return MBEDTLS_SSL_TLS_PRF_SHA384;
} else

21
library/ssl_tls12_server.c
View File

@ -2631,13 +2631,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes);
if (pk_type == MBEDTLS_PK_OPAQUE) {
/* Opaque key is created by the user (externally from Mbed TLS)
* so we assume it already has the right algorithm and flags
* set. Just copy its ID as reference. */
ssl->handshake->xxdh_psa_privkey = pk->priv_id;
ssl->handshake->xxdh_psa_privkey_is_external = 1;
} else {
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if (pk_type != MBEDTLS_PK_OPAQUE) {
/* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK
* module and only have ECDSA capabilities. Since we need
* them for ECDH later, we export and then re-import them with
@ -2665,10 +2660,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
/* Set this key as owned by the TLS library: it will be its duty
* to clear it exit. */
ssl->handshake->xxdh_psa_privkey_is_external = 0;
}
ret = 0;
break;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/* Opaque key is created by the user (externally from Mbed TLS)
* so we assume it already has the right algorithm and flags
* set. Just copy its ID as reference. */
ssl->handshake->xxdh_psa_privkey = pk->priv_id;
ssl->handshake->xxdh_psa_privkey_is_external = 1;
ret = 0;
break;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:

2
library/ssl_tls13_client.c
View File

@ -666,6 +666,7 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
return 0;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
@ -678,7 +679,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite)
return PSA_ALG_NONE;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_session *session = ssl->session_negotiate;

14
library/ssl_tls13_generic.c
View File

@ -193,10 +193,12 @@ static void ssl_tls13_create_verify_structure(const unsigned char *transcript_ha
idx = 64;
if (from == MBEDTLS_SSL_IS_CLIENT) {
memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(client_cv));
memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.client_cv,
MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv));
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv);
} else { /* from == MBEDTLS_SSL_IS_SERVER */
memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(server_cv));
memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.server_cv,
MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv));
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv);
}
@ -1482,9 +1484,11 @@ int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl,
ssl->total_early_data_size)) {
MBEDTLS_SSL_DEBUG_MSG(
2, ("EarlyData: Too much early data received, %u + %" MBEDTLS_PRINTF_SIZET " > %u",
ssl->total_early_data_size, early_data_len,
ssl->session_negotiate->max_early_data_size));
2, ("EarlyData: Too much early data received, "
"%lu + %" MBEDTLS_PRINTF_SIZET " > %lu",
(unsigned long) ssl->total_early_data_size,
early_data_len,
(unsigned long) ssl->session_negotiate->max_early_data_size));
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,

11
library/ssl_tls13_server.c
View File

@ -92,8 +92,9 @@ static void ssl_tls13_select_ciphersuite(
return;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%x",
(unsigned) psk_ciphersuite_id, psk_hash_alg));
MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx",
(unsigned) psk_ciphersuite_id,
(unsigned long) psk_hash_alg));
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@ -172,12 +173,12 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1
#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket(
mbedtls_ssl_context *ssl,
@ -575,10 +576,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(
psa_algorithm_t psk_hash_alg;
int allowed_key_exchange_modes;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_session session;
mbedtls_ssl_session_init(&session);
#endif
MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4);
identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0);
@ -3109,6 +3108,7 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
return 0;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
/*
* Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
*/
@ -3138,7 +3138,6 @@ static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ss
return SSL_NEW_SESSION_TICKET_WRITE;
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
unsigned char *ticket_nonce,

6
library/x509.c
View File

@ -137,7 +137,7 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
case MBEDTLS_MD_SHA1:
return "SHA1";
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_MD_SHA224:
return "SHA224";
#endif
@ -145,7 +145,7 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
case MBEDTLS_MD_SHA256:
return "SHA256";
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return "SHA384";
#endif
@ -153,7 +153,7 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
case MBEDTLS_MD_SHA512:
return "SHA512";
#endif
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
#if defined(PSA_WANT_ALG_RIPEMD160)
case MBEDTLS_MD_RIPEMD160:
return "RIPEMD160";
#endif

4
library/x509write_crt.c
View File

@ -46,6 +46,10 @@ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_asn1_free_named_data_list(&ctx->subject);
mbedtls_asn1_free_named_data_list(&ctx->issuer);
mbedtls_asn1_free_named_data_list(&ctx->extensions);

4
library/x509write_csr.c
View File

@ -43,6 +43,10 @@ void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx)
void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_asn1_free_named_data_list(&ctx->subject);
mbedtls_asn1_free_named_data_list(&ctx->extensions);

2
pkgconfig/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
Makefile
*.pc

4
programs/Makefile
View File

@ -127,8 +127,8 @@ GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
generated_files: $(GENERATED_FILES)
psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data
psa/psa_constant_names_generated.c:
echo " Gen $@"

4
programs/fuzz/fuzz_dtlsserver.c
View File

@ -14,7 +14,7 @@
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
(defined(MBEDTLS_MD_CAN_SHA384) || \
(defined(PSA_WANT_ALG_SHA_384) || \
defined(MBEDTLS_MD_CAN_SHA256))
const char *pers = "fuzz_dtlsserver";
const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
@ -33,7 +33,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
(defined(MBEDTLS_MD_CAN_SHA384) || \
(defined(PSA_WANT_ALG_SHA_384) || \
defined(MBEDTLS_MD_CAN_SHA256))
int ret;
size_t len;

4
programs/psa/CMakeLists.txt
View File

@ -19,8 +19,8 @@ if(GEN_FILES)
${CMAKE_CURRENT_SOURCE_DIR}/../..
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py
${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_extra.h
)
else()
link_to_source(psa_constant_names_generated.c)

4
programs/ssl/ssl_client2.c
View File

@ -1527,11 +1527,11 @@ usage:
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
} else
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */

27
programs/ssl/ssl_mail_client.c
View File

@ -727,7 +727,11 @@ usage:
mbedtls_printf(" > Write MAIL FROM to server:");
fflush(stdout);
len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from);
if (len < 0 || (size_t) len >= sizeof(buf)) {
mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
goto exit;
}
ret = write_ssl_and_get_response(&ssl, buf, len);
if (ret < 200 || ret > 299) {
mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@ -739,7 +743,11 @@ usage:
mbedtls_printf(" > Write RCPT TO to server:");
fflush(stdout);
len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to);
if (len < 0 || (size_t) len >= sizeof(buf)) {
mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
goto exit;
}
ret = write_ssl_and_get_response(&ssl, buf, len);
if (ret < 200 || ret > 299) {
mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@ -763,11 +771,16 @@ usage:
mbedtls_printf(" > Write content to server:");
fflush(stdout);
len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
"Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
len = mbedtls_snprintf((char *) buf, sizeof(buf),
"From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
"Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
if (len < 0 || (size_t) len >= sizeof(buf)) {
mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
goto exit;
}
ret = write_ssl_data(&ssl, buf, len);
len = sprintf((char *) buf, "\r\n.\r\n");

4
programs/ssl/ssl_server2.c
View File

@ -2403,11 +2403,11 @@ usage:
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
} else
#endif /* MBEDTLS_MD_CAN_SHA384 */
#endif /* PSA_WANT_ALG_SHA_384 */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */

4
programs/ssl/ssl_test_common_source.c
View File

@ -295,13 +295,13 @@ uint16_t ssl_sig_algs_for_test[] = {
#if defined(MBEDTLS_MD_CAN_SHA512)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512)
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384)
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256)
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
#if defined(PSA_WANT_ALG_SHA_224)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224)
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)

14
programs/test/CMakeLists.txt
View File

@ -25,14 +25,20 @@ if(TEST_CPP)
WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
)
add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
target_include_directories(cpp_dummy_build
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
endif()
if(USE_SHARED_MBEDTLS_LIBRARY AND
NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]")
add_executable(dlopen "dlopen.c")
target_include_directories(dlopen PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
target_include_directories(dlopen
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
target_link_libraries(dlopen ${CMAKE_DL_LIBS})
endif()
@ -46,13 +52,13 @@ if(GEN_FILES)
${PERL}
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
${CMAKE_CURRENT_BINARY_DIR}/query_config.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
)
# this file will also be used in another directory, so create a target, see

1
programs/test/cmake_package/.gitignore vendored
View File

@ -1,3 +1,4 @@
build
Makefile
cmake_package
mbedtls

1
programs/test/cmake_package_install/.gitignore vendored
View File

@ -1,3 +1,4 @@
build
Makefile
cmake_package_install
mbedtls

17
programs/test/generate_cpp_dummy_build.sh
View File

@ -37,10 +37,23 @@ print_cpp () {
EOF
for header in include/mbedtls/*.h include/psa/*.h; do
for header in include/mbedtls/*.h; do
case ${header#include/} in
mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion
mbedtls/config_*.h) :;; # not meant for direct inclusion
*) echo "#include \"${header#include/}\"";;
esac
done
for header in tf-psa-crypto/drivers/builtin/include/mbedtls/*.h; do
case ${header#tf-psa-crypto/drivers/builtin/include/} in
mbedtls/config_*.h) :;; # not meant for direct inclusion
*) echo "#include \"${header#tf-psa-crypto/drivers/builtin/include/}\"";;
esac
done
for header in tf-psa-crypto/include/psa/*.h; do
case ${header#tf-psa-crypto/include/} in
psa/crypto_config.h) :;; # not meant for direct inclusion
psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion
# Some of the psa/crypto_*.h headers are not meant to be included
@ -48,7 +61,7 @@ EOF
# psa/crypto.h has been included before. Since psa/crypto.h comes
# before psa/crypto_*.h in the wildcard enumeration, we don't need
# to skip those headers.
*) echo "#include \"${header#include/}\"";;
*) echo "#include \"${header#tf-psa-crypto/include/}\"";;
esac
done

Some files were not shown because too many files have changed in this diff Show More