Merge pull request #9566 from gilles-peskine-arm/error-codes-4.0-enforce-add-macro
Error codes: enforce add macro
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8372905..561498c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -243,7 +243,15 @@
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ # Old GCC versions hit a performance problem with test_suite_pkwrite
+ # "Private keey write check EC" tests when building with Asan+UBSan
+ # and -O3: those tests take more than 100x time than normal, with
+ # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
+ # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
+ # GCC 7.5 and above on Ubuntu 18.04 appear fine.
+ # To avoid the performance problem, we use -O2 here. It doesn't slow
+ # down much even with modern compiler versions.
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O2")
set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
new file mode 100644
index 0000000..d00eb16
--- /dev/null
+++ b/ChangeLog.d/9690.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+ called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+ and the output buffer is smaller than the actual output.
+ Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+ when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+ and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+ CVE-2024-49195
diff --git a/docs/architecture/psa-keystore-design.md b/docs/architecture/psa-keystore-design.md
index cdd2cac..be082a8 100644
--- a/docs/architecture/psa-keystore-design.md
+++ b/docs/architecture/psa-keystore-design.md
@@ -67,7 +67,7 @@
There are three variants of the key store implementation, responding to different needs.
* Hybrid key store ([static key slots](#static-key-store) with dynamic key data): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Key material is allocated on the heap. This is the historical implementation. It remains the default in the Mbed TLS 3.6 long-time support (LTS) branch when using a handwritten `mbedtls_config.h`, as is common on resource-constrained platforms, because the alternatives have tradeoffs (key size limit and larger RAM usage at rest for the static key store, larger code size and more risk due to code complexity for the dynamic key store).
-* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.2): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap.
+* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.3): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap.
* [Dynamic key store](#dynamic-key-store) (since Mbed TLS 3.6.1): the key store is dynamically allocated as multiple slices on the heap, with a size that adjusts to the application's usage. Key material is allocated on the heap. Compared to the hybrid key store, the code size and RAM consumption are larger. This is intended for higher-end devices where applications are not expected to have a highly predicatable resource usage. This is the default implementation when using the default `mbedtls_config.h` file, as is common on platforms such as Linux, starting with Mbed TLS 3.6.1.
#### Future improvement: merging the key store variants
@@ -95,7 +95,7 @@
The static key store is the historical implementation. The key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. This value is an upper bound for the total number of volatile keys plus loaded keys.
-Since Mbed TLS 3.6.2, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap.
+Since Mbed TLS 3.6.3, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap.
#### Volatile key identifiers in the static key store
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index f40f838..e543297 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -10,108 +10,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
-/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
- * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
- * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
- * here we arrange to have both active so that psa_crypto_*.c includes
- * the built-in implementations and the driver code can call the built-in
- * implementations.
- *
- * The point of this test mode is to verify that the
- * driver entry points are called when they should be in a lightweight
- * way, without requiring an actual driver. This is different from builds
- * with libtestdriver1, where we make a copy of the library source code
- * and use that as an external driver.
- */
-
-/* Enable the use of the test driver in the library, and build the generic
- * part of the test driver. */
-#define PSA_CRYPTO_DRIVER_TEST
-
-/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
- * built-in implementations won't be enabled. */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#error \
- "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
-#endif
-
-/* Use the accelerator driver for all cryptographic mechanisms for which
- * the test driver is implemented. This is copied from psa/crypto_config.h
- * with the parts not implemented by the test driver commented out. */
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
-//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
-
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
-#define MBEDTLS_PSA_ACCEL_ALG_CCM
-#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
-#define MBEDTLS_PSA_ACCEL_ALG_CMAC
-#define MBEDTLS_PSA_ACCEL_ALG_CFB
-#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
-#define MBEDTLS_PSA_ACCEL_ALG_CTR
-#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
-#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
-#define MBEDTLS_PSA_ACCEL_ALG_ECDH
-#define MBEDTLS_PSA_ACCEL_ALG_FFDH
-#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
-#define MBEDTLS_PSA_ACCEL_ALG_JPAKE
-#define MBEDTLS_PSA_ACCEL_ALG_GCM
-//#define MBEDTLS_PSA_ACCEL_ALG_HKDF
-//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
-//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC
-#define MBEDTLS_PSA_ACCEL_ALG_MD5
-#define MBEDTLS_PSA_ACCEL_ALG_OFB
-//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC
-//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128
-#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_384
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_512
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512
-#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
-//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
-//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
-//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
-
-#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */
-
-
-
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
* functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 74ebb79..de8ab2d 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2671,12 +2671,19 @@
}
component_test_psa_crypto_drivers () {
+ # Test dispatch to drivers and fallbacks with
+ # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that
+ # are wrappers around the builtin drivers are activated by
+ # PSA_CRYPTO_DRIVER_TEST.
+ #
+ # For the time being, some test cases in test_suite_block_cipher and
+ # test_suite_md.psa rely on this component to be run at least once by the
+ # CI. This should disappear as we progress the 4.x work. See
+ # config_adjust_test_accelerators.h for more information.
msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
- loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
- loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
- loc_cflags="${loc_cflags} -I../tests/include -O2"
+ loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
+ loc_cflags="${loc_cflags} -I../tests/include"
make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
new file mode 100644
index 0000000..7d93042
--- /dev/null
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_test_accelerators.h
@@ -0,0 +1,121 @@
+/*
+ * \file mbedtls/config_adjust_test_accelerators.h
+ * \brief Declare the transparent test drivers as accelerators
+ *
+ * This is an internal header for test purposes only. Do not include it directly.
+ *
+ * As part of the transition to MBEDTLS_PSA_CRYPTO_CONFIG always on, the
+ * purpose of this header is to keep executing as long as necessary some
+ * driver-only related unit test cases when running the test_psa_crypto_drivers
+ * all.sh component (namely test cases in test_suite_block_cipher and
+ * test_suite_md.psa). It is expected that as the 4.x work progress these test
+ * cases will not be necessary anymore and:
+ * . test_psa_crypto_drivers scope is restricted to running the
+ * test_suite_psa_crypto_driver_wrappers test suite: test of the dispatch to
+ * drivers and fallbacks.
+ * . this file can be removed.
+ *
+ * This header is used as part of a build containing all the built-in drivers
+ * and all the transparent test drivers as wrappers around the built-in
+ * drivers. All the built-in drivers and the transparent test drivers are
+ * included in the build by starting from a full configuration (config.py full)
+ * and defining PSA_CRYPTO_DRIVER_TEST when building
+ * (make CFLAGS="-DPSA_CRYPTO_DRIVER_TEST ...").
+ *
+ * The purpose of this header is to declare the transparent test drivers as
+ * accelerators just after infering the built-in drivers
+ * (config_adjust_legacy_from_psa.h). Not before the inclusion
+ * of config_adjust_legacy_from_psa.h in the build_info.h sequence of header
+ * inclusions as this would remove the built-in drivers. Just after to set up
+ * properly the internal macros introduced as part of the driver only work
+ * (mainly if not only in config_adjust_legacy_crypto.h).
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
+#define MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
+
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif
+
+/* Declare the accelerator driver for all cryptographic mechanisms for which
+ * the test driver is implemented. This is copied from psa/crypto_config.h
+ * with the parts not implemented by the test driver commented out. */
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA //no-check-names
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
+
+#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
+#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
+#define MBEDTLS_PSA_ACCEL_ALG_CCM
+#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
+#define MBEDTLS_PSA_ACCEL_ALG_CMAC
+#define MBEDTLS_PSA_ACCEL_ALG_CFB
+#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
+#define MBEDTLS_PSA_ACCEL_ALG_CTR
+#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
+#define MBEDTLS_PSA_ACCEL_ALG_ECDH
+#define MBEDTLS_PSA_ACCEL_ALG_FFDH
+#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_JPAKE
+#define MBEDTLS_PSA_ACCEL_ALG_GCM
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
+#define MBEDTLS_PSA_ACCEL_ALG_HMAC
+#define MBEDTLS_PSA_ACCEL_ALG_MD5
+#define MBEDTLS_PSA_ACCEL_ALG_OFB
+//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC
+//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128
+#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_384
+#define MBEDTLS_PSA_ACCEL_ALG_SHA_512
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512
+#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
+
+#endif /* MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
index 2520a9a..86bcc80 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
@@ -38,7 +38,10 @@
/* If we are implementing PSA crypto ourselves, then we want to enable the
* required built-ins. Otherwise, PSA features will be provided by the server. */
#include "mbedtls/config_adjust_legacy_from_psa.h"
+#if defined(MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS) //no-check-names
+#include "mbedtls/config_adjust_test_accelerators.h"
#endif
+#endif /* MBEDTLS_PSA_CRYPTO_C */
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
diff --git a/tf-psa-crypto/drivers/builtin/src/pkwrite.c b/tf-psa-crypto/drivers/builtin/src/pkwrite.c
index 8c01b44..0b57995 100644
--- a/tf-psa-crypto/drivers/builtin/src/pkwrite.c
+++ b/tf-psa-crypto/drivers/builtin/src/pkwrite.c
@@ -65,17 +65,21 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
- size_t len = 0, tmp_len = 0;
+ size_t tmp_len = 0;
if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Ensure there's enough space in the provided buffer before copying data into it. */
+ if (tmp_len > (size_t) (*p - buf)) {
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= tmp_len;
memcpy(*p, tmp, tmp_len);
- len += tmp_len;
mbedtls_platform_zeroize(tmp, sizeof(tmp));
- return (int) len;
+ return (int) tmp_len;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
@@ -125,6 +129,10 @@
if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Ensure there's enough space in the provided buffer before copying data into it. */
+ if (len > (size_t) (*p - start)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= len;
memcpy(*p, buf, len);
return (int) len;
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
index 67a846b..d895d39 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
+++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data
@@ -30,13 +30,16 @@
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521
pk_write_pubkey_check:"../../framework/data_files/ec_521_pub.der":TEST_DER
-Public key write check EC Brainpool 512 bits
-depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512
-pk_write_pubkey_check:"../../framework/data_files/ec_bp512_pub.pem":TEST_PEM
+## The pk_write_pubkey_check sometimes take ~3 hours to run with
+## GCC+Asan on the CI in the full config. Comment out the slowest
+## ones while we investigate and release 3.6.2.
+# Public key write check EC Brainpool 512 bits
+# depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+# pk_write_pubkey_check:"../../framework/data_files/ec_bp512_pub.pem":TEST_PEM
-Public key write check EC Brainpool 512 bits (DER)
-depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512
-pk_write_pubkey_check:"../../framework/data_files/ec_bp512_pub.der":TEST_DER
+# Public key write check EC Brainpool 512 bits (DER)
+# depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512
+# pk_write_pubkey_check:"../../framework/data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255
diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.function b/tf-psa-crypto/tests/suites/test_suite_pkwrite.function
index 735c125..491bc48 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.function
@@ -2,6 +2,7 @@
#include "pk_internal.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
+#include "mbedtls/base64.h"
#include "psa/crypto_sizes.h"
typedef enum {
@@ -73,6 +74,7 @@
unsigned char *check_buf = NULL;
unsigned char *start_buf;
size_t buf_len, check_buf_len;
+ int expected_result;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
@@ -109,6 +111,17 @@
start_buf = buf;
buf_len = check_buf_len;
+ if (is_der) {
+ expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ } else {
+ expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
+ }
+ /* Intentionally pass a wrong size for the provided output buffer and check
+ * that the writing functions fails as expected. */
+ for (size_t i = 1; i < buf_len; i++) {
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
+ is_der), expected_result);
+ }
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
@@ -127,6 +140,12 @@
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0);
start_buf = buf;
buf_len = check_buf_len;
+ /* Intentionally pass a wrong size for the provided output buffer and check
+ * that the writing functions fails as expected. */
+ for (size_t i = 1; i < buf_len; i++) {
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
+ is_der), expected_result);
+ }
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);