yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
25743 commits 89 branches 205 tags 114 MiB
Commit graph

11366 commits

Author SHA1 Message Date
Dave Rodgman b19f584f2c Fix for arm64_32 (aka ILP32) on Clang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-20 23:01:43 +01:00
Gilles Peskine a3a0025e18
Merge pull request #7806 from paul-elliott-arm/fix_32bit_builds 
[Bignum] Fix 32 bit unreachable code build failure
 2023-06-20 22:13:06 +02:00
Gilles Peskine 5faccf038b
Merge pull request #7805 from paul-elliott-arm/fix_retval 
Pacify clang15 warnings about empty \retval
 2023-06-20 22:12:51 +02:00
Paul Elliott 215ed131cf Fix 32 bit unreachable code build failure 
Given the size of ciL is set dependant on MBEDTLS_HAVE_INT32 /
MBEDTLS_HAVE_INT64, clang rightfully reports this as unreachable code in
32 bit builds. Fix this by using #define guards instead.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-20 17:55:15 +01:00
Paul Elliott 458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips 
Use better IP parsing in x509 apps
 2023-06-20 17:21:04 +01:00
Demi Marie Obenour 690b8c9ca7 Add a do-while loop around macros 
This is good practice in C.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-06-20 11:48:04 -04:00
Dave Rodgman b70ea9fb64 Merge remote-tracking branch 'origin/development' into safer-ct5 2023-06-20 16:12:00 +01:00
Paul Elliott 24f4b73ee5 Pacify clang15 warnings about empty /retval 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-20 15:51:46 +01:00
Valerio Setti e1651360c0 pkwrite: fix wrong guard position for pk_get_opaque_ec_family() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti a9aab1a85b pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa() 
This allows also to:
- removing the dependency on ECP_C for these functions and only rely
  on PSA symbols
- removing extra header inclusing from crypto_extra.h
- return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
  their original position in pk.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti bc2b1d3288 psa: move mbedtls_ecc_group_to_psa() from inline function to standard one 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti 30fdc03819 pk: remove useless internal function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti 81d75127ba library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti addeee4531 mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol 
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
  defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves
  (it get disabled also in the reference components because we want
  to achieve test parity)
- remove skipped checks in analyze_outcomes.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 16:03:46 +02:00
Gilles Peskine 5760bf77c7
Merge pull request #7641 from valeriosetti/issue7614 
Define PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy (step 1)
 2023-06-16 16:00:17 +02:00
Minos Galanakis de87461c23 ecp_curves: Updated the optimised reduction function pointer. 
This patch modifies the `mbedtls_mpi_opt_red_struct` to use an
mpi_uint * pointer and size_t limps arguments.

The methods interacting with this pointer have been updated
accordingly:

- mbedtls_mpi_mod_optred_modulus_setup
- mbedtls_ecp_modulus_setup

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 5c238d80cd bignum_mod: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 65210952ec ecp_curves: Updated mbedtls_ecp_modulus_setup to use optimised reduction. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 1d3e332986 ecp_curves: Updated input argument for mbedtls_ecp_modulus_setup. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis be1bf15f76 bignum_mod: Updated optred_modulus_setup to use function input. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis c6e68ed85d bignum_mod: Added mbedtls_mpi_opt_red_struct structure. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 0f718c9ed0 bignum_mod: Fixed code-style 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis f055ad61dc bignum_mod: Added static standard_modulus_setup(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis 88e16dfa2a bignum_mod: Refactored mbedtls_mpi_mod_modulus_setup() 
This patch removes the `int_rep` input parameter for modular
setup, aiming to align it with the optred variant.

Test and test-suite helper functions have been updated
accordingly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Minos Galanakis bbe9db4b29 binum_mod: Added mbedtls_mpi_mod_optred_modulus_setup(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-06-16 13:48:47 +01:00
Paul Elliott 680233dc3f
Merge pull request #7680 from paul-elliott-arm/raw_ecp_mod_p448 
[Bignum] Split out raw ECP mod p448
 2023-06-16 13:46:25 +01:00
Valerio Setti b46217d5c1 tls: never destroy a priavte key that is not owned/created by TLS module 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 13:18:52 +02:00
Valerio Setti 01cc88a46b config_psa: replace USE symbols with BASIC one for all KEY_PAIRs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:27:02 +02:00
Valerio Setti b0d9aaee1c psa: move PSA_WANT checks to check_crypto_config 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti 8bb5763a85 library: replace deprecated symbols with temporary _LEGACY ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Valerio Setti 0813b6f28d tls: optimize code in ssl_get_ecdh_params_from_cert() 
When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys
are basically stored in the same way (only a diffferent ownership for
the key itself), so they should be treated similarly in the code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:18:53 +02:00
Janos Follath a426dc31cc
Merge pull request #7782 from gilles-peskine-arm/mbedtls_ecp_modulus_type-move 
Move mbedtls_ecp_modulus_type out of the public headers
 2023-06-16 11:12:57 +01:00
Gilles Peskine f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes 
PBKDF2: Output bytes
 2023-06-16 10:08:02 +02:00
Gilles Peskine 637c049349 Move mbedtls_ecp_modulus_type out of the public headers 
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests

Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-15 19:07:41 +02:00
Kusumit Ghoderao 246e51fd0b Add cleanup for intermediate buffer 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-15 22:15:43 +05:30
Paul Elliott a2e48f751b Split out mbedtls_ecp_mod_p448_raw() 
Switch testing over to using the generic raw functions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-15 17:16:38 +01:00
Paul Elliott b4df176610
Merge pull request #7637 from paul-elliott-arm/fixed_ecp_mod_p448 
[Bignum] Fixed width for ecp mod p448
 2023-06-15 17:12:02 +01:00
Dave Rodgman 2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf 
AES perf improvements
 2023-06-15 12:10:06 +01:00
Tom Cosgrove 6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Kusumit Ghoderao d07761c19c add return statement 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-15 12:11:15 +05:30
Dave Rodgman 28a97acb3c code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 20:15:15 +01:00
Paul Elliott bed9ac7b2d Optimise final 2 rounds 
Final two rounds logic could be significantly simplified.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 19:20:33 +01:00
Dave Rodgman d05e7f1ab3 Do not use NEON for AES-CBC on aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 18:58:48 +01:00
Dave Rodgman 906c63cf35 Revert "improve cbc encrypt perf" 
This reverts commit f1e396c427.

Performance is slightly better with this reverted, especially
for AES-CBC 192.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 17:55:41 +01:00
Paul Elliott b8f7305b02 Replace sizeof(mbedtls_mpi_uint) with ciL define 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 17:52:42 +01:00
Andrzej Kurek 15ddda9ff8 Remove PSA_TO_MD_ERR from ssl_tls.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-14 07:37:46 -04:00
Kusumit Ghoderao 257ea00199 Use output block as U_accumulator 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-14 15:55:11 +05:30
Paul Elliott 3646dc78bc Fix coding style issue 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 08:51:08 +01:00
Paul Elliott 436f2ad37c Three round solution 
Attempt to fix failing test by dealing with overflow with three rounds,
instead of previous subtract modulus solution. Also optimise out shifts
by using memcpy / memmove instead. Remove final sub to return canonical
result, as this is not required here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-13 17:39:44 +01:00
Andrzej Kurek a6033ac431 Add missing guards in tls 1.3 
Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek 1e4a030b00 Fix wrong array size calculation in error translation code 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek b22b9778c7 Move the ARRAY_LENGTH definition to common.h 
Reuse it in the library and tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek 1c7a99856f Add missing ifdefs 
Make sure that the error translating functions
are only defined when they're used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek 0064484a70 Optimize error translation code size 
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:46 -04:00
Dave Rodgman c216d94560 Merge remote-tracking branch 'origin/development' into safer-ct5 2023-06-13 10:36:37 +01:00
Dave Rodgman f27727b22e Docs update 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-12 18:33:20 +01:00
Dave Rodgman 1ab0b48ac3 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-12 18:22:18 +01:00
Dave Rodgman 58c80f4d92 Make mbedtls_ct_zero non-static 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-12 18:19:46 +01:00
Manuel Pégourié-Gonnard 14f65a47c8
Merge pull request #7714 from daverodgman/sha3-update 
SHA-3 update
 2023-06-12 15:13:30 +02:00
Dave Rodgman 5c394ff203 Use a single fast-path in mbedtls_xor, gains around 1% in benchmarks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 20:10:36 +01:00
Dave Rodgman 159dc099fd Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 19:46:07 +01:00
Dave Rodgman 360e04f379 Fix AES-XTS perf regression 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 17:23:15 +01:00
Dave Rodgman f32176c0e3 Remove unnecessary cast 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-09 16:25:49 +01:00
Tom Cosgrove ef2aa0ecad Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c 
If we're built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
way to detect the crypto extensions required, the code turns off _IF_PRESENT
and falls back to C only (with a warning). This was done after the attributes
are pushed, and the pop is done only #if defined(xxx_IF_PRESENT), so this
commit fixes that.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-06-09 11:29:50 +01:00
Dave Rodgman 2894d007d3 Strengthen fall-back for mbedtls_ct_compiler_opaque 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-08 18:07:39 +01:00
Dave Rodgman 6d4933e54d Replace use of MBEDTLS_SHA3_C with MBEDTLS_MD_CAN_SHA3_xxx 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-08 16:03:54 +01:00
Kusumit Ghoderao d9ec1afd13 Fix failing Ci 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 20:19:51 +05:30
Gilles Peskine e5e8ba654e
Merge pull request #7666 from mprse/ip_info 
OPC UA: parsing IP's in SubjectAltNames & printing info
 2023-06-08 15:23:21 +02:00
Gilles Peskine 95b43a04a9
Merge pull request #7651 from daverodgman/fix-armclang-compile-fail 
Fix armclang compile fail
 2023-06-08 14:36:18 +02:00
Kusumit Ghoderao 109ee3de36 Use size of buffer for mac_size 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:36:45 +05:30
Kusumit Ghoderao b821a5fd67 Use multipart mac operation for adding salt and counter 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-08 16:35:55 +05:30
Xiaokang Qian fcdd0477b3 Replace loop zeroise with memset 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-06-08 10:03:53 +00:00
Janos Follath 035e5fc885 Add comments to 448 optimised reduction 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-06-08 09:44:30 +00:00
Dave Rodgman ff45d44c02 Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-08 10:11:34 +01:00
Dave Rodgman 2c91f4b8b2 Fix for big-endian architectures 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 19:59:05 +01:00
Dave Rodgman 2f0f998ec4 Unify ABSORB and ABSORB8 to fix compile error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 19:12:04 +01:00
Dave Rodgman b61cd1042a Correct minor merge mistakes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 18:14:45 +01:00
Dave Rodgman 05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Dave Rodgman f213d0a7b0 Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:09:47 +01:00
Dave Rodgman 1b42763516 Remove NULL checks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:09:02 +01:00
Dave Rodgman cf4d2bdc09 Spell as SHA-3 not SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 17:08:09 +01:00
Dave Rodgman 9d7fa93e6c move mbedtls_sha3_family_functions out of public interface 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:50:15 +01:00
Dave Rodgman 1789d84282 remove not-needed fields from SHA-3 context 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:50:15 +01:00
Dave Rodgman bcfd79c699 Consume input in 8-byte chunks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:50:15 +01:00
Dave Rodgman 2070c2074e Avoid possible NEON alignment issue 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:38:26 +01:00
Dave Rodgman 9d1635e742 Revert not-useful changes to AES-CBC decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-07 16:38:26 +01:00
Dave Rodgman f1e396c427 improve cbc encrypt perf 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-07 16:38:26 +01:00
Dave Rodgman 3f47b3f7a3 Extend NEON use to 32-bit Arm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-07 16:38:26 +01:00
Andrzej Kurek c40a1b552c Remove references to x509_invasive.h 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-07 08:54:34 -04:00
Andrzej Kurek cd17ecfe85 Use better IP parsing in x509 programs 
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-07 08:50:05 -04:00
Gilles Peskine 13230a4ad3
Merge pull request #7349 from mpg/rm-hash-info 
Remove `hash_info` module
 2023-06-06 21:05:13 +02:00
Gilles Peskine d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string 
Parse an OID from a string
 2023-06-06 20:57:17 +02:00
Przemek Stekiel 4d3fc216fc Use safe snprintf 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Przemek Stekiel 01cb6eb251 Fix parsing of SAN IP (use mbedtls_snprintf, validate buffer length) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Przemek Stekiel 093c97d492 Add separate case for ip address 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Przemek Stekiel 0ab5b93922 Add support for parsing SAN IP address 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 11:44:25 +02:00
Kusumit Ghoderao f6a0d57e4d Add pbkdf2 function to key_derivation_output_bytes 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:41 +05:30
Kusumit Ghoderao a4346cdc50 Add pbkdf2_generate_block function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-06 15:05:39 +05:30
Manuel Pégourié-Gonnard cf61a74209 Add static check for macros that should be in sync 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard 28f504e892 Use PSA-neutral function for availability check 
We just want to check if this hash is available, and the check is
present in builds both with PSA and without it. The function we were
using is only present in builds with PSA, so it wasn't appropriate.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00