This commit modifies the typedef of
mbedtls_pk_rsa_alt_sign_func and propagates the
associated changes throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Run `make generated_files` to generate the automatically generated
C source files and build scripts.
Run `make neat` to remove all automatically generated files, even C
source files and build scripts.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of mode parameter from
mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit
propagates the change to all relevant function calls
and tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Use common funtion for psa_sign_hash and psa_sign_message and one for
psa_verify_hash and psa_verify_message to unify them.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
The reference session cache implementation may end up storing multiple
sessions associated to the same session ID if the set()-call for the
second session finds an outdated cache entry prior to noticing the entry
with the matching session ID. While this logically overwrites the existing
entry since we always search the cache in order, this is at least a waste
of resources.
This commit fixes this by always checking first whether the given ID is
already present in the cache.
It also restructures the code for easier readability.
Fixes#4509.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove a kludge to avoid a warning in GCC 11 when calling
mbedtls_sha512_finish_ret with a 48-byte output buffer. This is correct
since we're calculating SHA-384. When mbedtls_sha512_finish_ret's output
parameter was declared as a 64-byte array, GCC 11 -Wstringop-overflow
emitted a well-meaning, but inaccurate buffer overflow warning, which we
tried to work around (successfully with beta releases but unsuccessfully
with GCC 11.1.0 as released). Now that the output parameter is declared as a
pointer, no workaround is necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
