Home
last modified time | relevance | path

Searched hist:"55 aed7d798f3d48d6aa08d58eb46c4cda318bcfb" (Results 1 – 5 of 5) sorted by relevance

/rk3399_ARM-atf/drivers/auth/mbedtls/
H A Dmbedtls_psa_crypto.c7731465252bd82ce97620a327f3b5d8905f8bdb1 Mon Jun 03 09:16:19 UTC 2024 Manish V Badarkhe <Manish.Badarkhe@arm.com> fix(mbedtls): sign verification issue with invalid Key/Signature

When the verify_signature function is called with the RSASSA_PSS
signature algorithm and a somewhat well-formed public key, invalid
signatures can be incorrectly verified due to this change [1].
This is primarily because of the introduction of the following code,
where a return check is missing before the goto:

if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
rc = pk_bytes_from_subpubkey((unsigned char **) &pk_ptr, &pk_len);
goto end2;
}

This code executes before the call to psa_verify_message. The
unconditional goto end2; branch leads to the immediate return of rc.
If the call to pk_bytes_from_subpubkey succeeds (i.e., the key is
formatted correctly), the signature is verified regardless of its
actual content.

This change [1] was included in the v2.11 release. Therefore, anyone
using this release with the PSA Crypto implementation must apply
this patch to ensure proper signature verification.

[1]: https://review.trustedfirmware.org/plugins/gitiles/TF-A/
trusted-firmware-a/+/55aed7d798f3d48d6aa08d58eb46c4cda318bcfb/drivers/
auth/mbedtls/mbedtls_psa_crypto.c#447

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Reported-by: Ryan Everett <ryan.everett@arm.com>
Change-Id: Ib484d97a04b7a82dd72592c8b5b153d577d01fc9
55aed7d798f3d48d6aa08d58eb46c4cda318bcfb Wed Apr 10 15:20:13 UTC 2024 Jimmy Brisson <jimmy.brisson@arm.com> feat(mbedtls): update config for 3.6.0

Further, remove reliance of mbedtls_md_psa_alg_from_type on
the actual values of the PSA_ALG_... defines.

And work around a prior bug that would try to import a
SubjectPublicKeyInfo into a PSA key. Instead, we import the
SubjectPublicKey itself.

Change-Id: Ib345b0bd4f2994f366629ed162d18814fd05aa2b
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
H A Dmbedtls_crypto.c55aed7d798f3d48d6aa08d58eb46c4cda318bcfb Wed Apr 10 15:20:13 UTC 2024 Jimmy Brisson <jimmy.brisson@arm.com> feat(mbedtls): update config for 3.6.0

Further, remove reliance of mbedtls_md_psa_alg_from_type on
the actual values of the PSA_ALG_... defines.

And work around a prior bug that would try to import a
SubjectPublicKeyInfo into a PSA key. Instead, we import the
SubjectPublicKey itself.

Change-Id: Ib345b0bd4f2994f366629ed162d18814fd05aa2b
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
H A Dmbedtls_common.mk55aed7d798f3d48d6aa08d58eb46c4cda318bcfb Wed Apr 10 15:20:13 UTC 2024 Jimmy Brisson <jimmy.brisson@arm.com> feat(mbedtls): update config for 3.6.0

Further, remove reliance of mbedtls_md_psa_alg_from_type on
the actual values of the PSA_ALG_... defines.

And work around a prior bug that would try to import a
SubjectPublicKeyInfo into a PSA key. Instead, we import the
SubjectPublicKey itself.

Change-Id: Ib345b0bd4f2994f366629ed162d18814fd05aa2b
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
/rk3399_ARM-atf/plat/arm/board/tc/
H A Dplatform_test.mk55aed7d798f3d48d6aa08d58eb46c4cda318bcfb Wed Apr 10 15:20:13 UTC 2024 Jimmy Brisson <jimmy.brisson@arm.com> feat(mbedtls): update config for 3.6.0

Further, remove reliance of mbedtls_md_psa_alg_from_type on
the actual values of the PSA_ALG_... defines.

And work around a prior bug that would try to import a
SubjectPublicKeyInfo into a PSA key. Instead, we import the
SubjectPublicKey itself.

Change-Id: Ib345b0bd4f2994f366629ed162d18814fd05aa2b
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
/rk3399_ARM-atf/docs/getting_started/
H A Dprerequisites.rstd963c6badeecea264ad49e998a111946a1b33ce6 Fri May 10 14:21:23 UTC 2024 Govindraj Raja <govindraj.raja@arm.com> docs(prerequisites): update mbedtls version used

With Commit@55aed7d798f3d48d6aa08d58eb46c4cda318bcfb
we have now updated to use mbedtls 3.6.0.

Update document to reflect the same.

Change-Id: I6bd8fcca795373a05bc6beb2e085d24fdd14932f
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>