Mention that arbitrary overlap is now supported, except whenever
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Specifically:
* Clarify that passing shared buffers is now secure by default (not
newly supported)
* Remove spurious hyphen
* Clarify that we do not guarantee copying, but rather guarantee
protection, allowing us to implement this differently in future if
required.
* Mention both protection of inputs from modification and outputs from
exposure of intermediate results.
* Invert the config option, from an enable-option to a disable-option.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Fix errors in merge conflict resolution - change
psa_generate_random_internal() to return directly rather than jumping to
an exit label and restore the variable psa_status_t status.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Reads and writes of rng_state in psa_crypto_init() and psa_crypto_free()
were already covered by mutex.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Unfortunately this requires holding the mutex for the entire
psa_crypto_init() function, as calling psa_crypto_free() from another
thread should block until init has ended, then run.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.
Unit-test it alongside mbedtls_pk_copy_from_psa().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
