* restricted/development-restricted: (30 commits)
Tiny fix in ChangeLog pt 2
Tiny fix in ChangeLog
Changelog entry for the RSA memory leak
Edit ChangeLog entry
Update ChangeLog
Add test cases for extKeyUsage
Rationalize extKeyUsage tests
Use P_CLI when O_CLI's status is not reliable
Rationalize keyUsage testing, round 2
Always print detailed cert errors in test programs
Fix 1.3 failure to update flags for (ext)KeyUsage
Rationalize ssl-opt tests for keyUsage
Test cert alert KEY_USAGE -> UNSUPPORTED_CERT
Free allocated memory where methods were returning without freeing
Force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE based on CTR_DRBG
Document that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not force HMAC
Clean up constant-flow memsan testing
Improve description of who is affected
More diversified sizes in tests
Fix stack buffer overflow in ECDSA signature format conversions
...
We are technically allowed to use all possible values of key slice index
that will fit into the bit width we have allocated, so allow all values.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The persistent key cache slice is the last slice (not the first as
previously stated). Update the numbering-related comments accordingly.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
We shouldn't return PSA_SUCCESS from a function that isn't implemented.
PSA_ERROR_NOT_SUPPORTED seems like the most appropriate return status
for a function that isn't implemented.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Reassure both humans and compilers that the places where we assign an
integer to a smaller type are safe.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a practical way to fill the dynamic key store by artificially limiting
the slice length through a test hook.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, key slots are now organized in
multiple slices. The slices are allocated on demand, which allows the key
store to grow. The size of slices grows exponentially, which allows reaching
a large number of slots with a small (static) number of slices without too
much overhead.
Maintain a linked list of free slots in each slice. This way, allocating a
slot takes O(1) time unless a slice needs to be allocated.
In this commit, slices are only ever freed when deinitializing the key
store. This should be improved in the future to free empty slices.
To avoid growing the persistent key cache without control, the persistent
key cache has a fixed size (reusing MBEDTLS_PSA_KEY_SLOT_COUNT to avoid
creating yet another option).
When MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled. no semantic change and
minimal changes to the code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Place some fields of psa_key_slot_t in a union, to prepare for a new field
in free slots that should not require extra memory.
For occupied slots, place only the registered_readers field in the union,
not other fields, to minimize textual changes. All fields could move to the
union except state (also needed in free slots) and attr (which must stay
first to reduce the code size, because it is accessed at many call sites).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add some abstractions around code that traverses the key store, in
preparation for adding support for MBEDTLS_PSA_KEY_STORE_DYNAMIC.
No intended behavior change. The generated machine code should be
almost the same with an optimizing compiler (in principle, it could be the
same with sufficient constant folding and inlining, but in practice it will
likely be a few byes larger),
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix interference between PSA volatile keys and built-in keys
when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. This overlap used to make it
possible that a volatile key would receive the identifier of a built-in key,
and is now caught by a static assertion.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Ensure that a key ID can't be in range for more than one of volatile keys,
persistent (i.e. user-chosen) keys or built-in keys.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_psa_register_se_key() is not usable with volatile keys, since there
is no way to return the implementation-chosen key identifier which would be
needed to use the key. Document this limitation. Reject an attempt to create
such an unusable key. Fixes#9253.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
At the top level, the macro would have had to be used without a following
semicolon (except with permissive compilers that accept spurious semicolons
outside of a function), which is confusing to humans and indenters. Fix
that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove the experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), which require a flexible array member
and therefore break C++ code that includes Mbed TLS headers. They have been
replaced by psa_generate_key_custom() and
psa_key_derivation_output_key_custom().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`. These functions replace
`psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`.
They have the same functionality, but a slightly different interface:
the `ext` functions use a structure with a flexible array member to pass
variable-length data, while the `custom` functions use a separate parameter.
Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0.
But make them a thin wrapper around the new `custom` functions.
Duplicate the test code and data. The test cases have to be duplicated
anyway, and the test functions are individually more readable this way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
