These macros are not part of any public or internal API, ideally they
would be defined in the source files. The reason to put them in
bignum_core.h to avoid duplication as macros for this purpose are
needed in both bignum.c and bignum_core.c.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The complexity of having functions whose security properties depend on a
runtime argument can be dangerous. Limit risk by isolating such code in
small functions with limited scope.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The complexity of having functions whose security properties depend on a
runtime argument can be dangerous. Limit misuse by making any such
functions local.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Attempt to partially solve the performance regression in 3.6.0 without
adding too much code size.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Issue #9179 (MBEDTLS_SSL_CID_OUT_LEN_MAX changed to
MBEDTLS_SSL_CID_IN_LEN_MAX in library\ssl.h and library\ssl_tls.c)
Signed-off-by: Sam Berry <sam.berry@arm.com>
This is ok in practice since we don't support 16-bit platforms, but it makes
`arm-none-eabi-gcc-10 -mthumb -Wformat` complain.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
A large block of code is only reachable if MBEDTLS_PK_USE_PSA_EC_DATA is
enabled, i.e. if MBEDTLS_USE_PSA_CRYPTO is enabled with driver-only ECC.
Compilers are likely to figure it out, but still, for clarity and
robustness, do guard that block of code with the appropriate conditional
compilation guard.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It isn't detected on the CI because we only test this with an ancient Clang
that doesn't warn. Old GCC, modern GCC and modern Clang do
warn (-Wunused-but-set-variable).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This should be CRYPTO_CLIENT and not CRYPTO_C as this function
can be used even when CRYPTO_C is not defined.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
A bug existed previously where this guarantee was not met,
causing some issues in multi-threaded code.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
With multipart AEAD, if we attempt to add zero length additional data,
then with the buffer sharing fixes this can now lead to undefined
behaviour when using gcm. Fix this by returning early, as there is
nothing to do if the input length is zero.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
