As the definition of psa_pake_operation_s has
been moved the "xyt_t" structure types can not
be used anymore (defined later).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In crypto_extra.h, move PAKE size calculation macros,
the definition of psa_pake_cipher_suite_s and
psa_pake_operation_s just after PAKE type and values
definitions.
This aligns with the order of crypto header inclusions
in crypto.h: crypto_types.h, then crypto_values.h,
then crypto_sizes.h, and then crypto_struct.h.
Take care of keeping them outside of the pake Doxygen
group as they used to be.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
That way when API are declared, the types they use are defined.
This should resolve the issues related to psa_xyz_init functions
returning a structure described in #7087.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Since Mbed TLS 3.0, blinding is no longer optional in ECDSA.
`mbedtls_ecdsa_write_signature()` and
`mbedtls_ecdsa_write_signature_restartable()` error out if
`f_rng == NULL`. We forgot to update the function documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In public functions that take `f_rng, p_rng` callbacks, link to the
documentation of the callback which is attached to the type name
`mbedtls_f_rng_t`.
Resolves#5868.
```
grep -l -w 'f_rng)' include | xargs perl -i -pe 's/\Qint (*f_rng)(void *, unsigned char *, size_t)\E/mbedtls_f_rng_t *f_rng/g'
```
and include `platform_util.h` where needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer
crashing with use-after-free, instead it's now failing cleanly:
failed
! mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid
That's better of course but still not great, will be fixed by future
commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
HKDF-Expand can produce at most 255 * hash_size bytes of key material,
so this limit applies to the TLS 1.3 key material exporter.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.
This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.
Signed-off-by: Max Fillinger <max@max-fillinger.net>
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.
Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
